Search This Blog

Sunday, October 29, 2017

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.