Saturday, October 28, 2017

The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

Apache Struts 1 ValidatorForm is a commonly used component in Java EE web applications that need to validate form fields entered by a user, such as a login form, registration form, or other information form. By configuring validation rules, Apache Struts can validate many different kinds of fields: username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate properties of ValidatorForm so as to modify the validation rules or, even worse, cause a denial of service or execute arbitrary code in the context of the web application.

https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182
