Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.
https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.