Apache Struts OGNL expression RCE S2-057
Impact: High
Description
A Remote Code Execution (RCE) attack is possible in Apache Struts when alwaysSelectFullNamespace is set to true (either by the user or by a plugin like Convention Plugin), and certain conditions are met regarding the configuration of namespaces and packages. This vulnerability allows attackers to execute arbitrary code on the server.
Recommendation
To mitigate this vulnerability, it is recommended to upgrade to Apache Struts version 2.3.35 or 2.5.17, or newer versions.
References
- Apache Struts
- CVE-2018-11776
- CWE-20
- CWE-78
- OWASP 2021-A3
- OWASP 2021-A6
- S2-057 - Apache Struts 2 Wiki
👉 You might also like:
Apache Struts 2 Forced double OGNL evaluation S2-059 - CVE-2019-0230
Apache Struts 2 RCE S2-045 - CVE-2017-5638
Apache Struts 2 REST plugin XStream RCE S2-052 - CVE-2017-9805
Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013
Last updated on May 13, 2024