The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16 | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/14360 | exploit x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/41592 | vdb-entry x_refsource_BID |
| http://www.osvdb.org/66280 | vdb-entry x_refsource_OSVDB |
| http://struts.apache.org/2.2.1/docs/s2-005.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/59110 | third-party-advisory x_refsource_SECUNIA |
| http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html | x_refsource_MISC |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2010/Jul/183 | mailing-list x_refsource_FULLDISC |
| http://securityreason.com/securityalert/8345 | third-party-advisory x_refsource_SREASON |
| http://seclists.org/fulldisclosure/2020/Oct/23 | mailing-list x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html | x_refsource_MISC |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |