Apache Struts 1 ValidatorForm is a commonly used component in Java EE web applications that need to validate form fields entered by a user, such as a login form, registration form, or other information form. By configuring validation rules, Apache Struts can validate many different kinds of fields: username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate properties of the ValidatorForm so as to modify the validation rules or, even worse, cause a denial of service or execute arbitrary code in the context of the web application.
https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182