The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Struts | Apache | 2.0.0 (including) | 2.3.1 (excluding) |
Libstruts1.2-java | Ubuntu | hardy | * |
Libstruts1.2-java | Ubuntu | lucid | * |
Libstruts1.2-java | Ubuntu | maverick | * |
Libstruts1.2-java | Ubuntu | natty | * |
Libstruts1.2-java | Ubuntu | oneiric | * |
Libstruts1.2-java | Ubuntu | precise | * |
Libstruts1.2-java | Ubuntu | quantal | * |
Libstruts1.2-java | Ubuntu | raring | * |
Libstruts1.2-java | Ubuntu | saucy | * |
Libstruts1.2-java | Ubuntu | utopic | * |