[
https://issues.apache.org/struts/browse/WW-2030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rainer Hermanns resolved WW-2030.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.0.9
Assignee: Rainer Hermanns
resolved by updating to xwork 2.0.4
> User input is evaluated as an OGNL expression
> ---------------------------------------------
>
> Key: WW-2030
> URL: https://issues.apache.org/struts/browse/WW-2030
> Project: Struts 2
> Issue Type: Bug
> Components: Value Stack
> Affects Versions: 2.0.8
> Reporter: Andrea Vettori
> Assignee: Rainer Hermanns
> Priority: Critical
> Fix For: 2.0.9
>
> Attachments: no-recursion-in-text-parse.diff, Struts.diff,
> Struts2.diff, translateVariable.txt, translateVariable2.txt, xwork.diff,
> xwork2.diff
>
>
> All user input, for example entered through a form, is evaluated as an OGNL
> expression.
> This leads to a remote exploit of possible malicious code execution of any
> kind, such as server shutdown or information theft.
> Moreover, it can lead to a DoS problem:
> On a form with:
> <s:textfield name="xxx">
> if the user enters %{xxx} as the value then
> com/opensymphony/xwork2/util/TextParseUtil.translateVariables enters an
> infinite loop eating about 1GB of ram in one second on my server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
