[jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database

Lukasz Lenart (Jira) Thu, 23 Jan 2020 00:32:27 -0800


     [ 
https://issues.apache.org/jira/browse/WW-5055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lukasz Lenart closed WW-5055.
-----------------------------
    Resolution: Not A Problem

The latest version of Struts has a blacklisting mechanism in-place [1] and 
{{Runtime}} is one of the excluded classes, you can check the whole list here 
[2]

[1] https://struts.apache.org/security/#internal-security-mechanism
[2] 
https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76

For future please report any Security related topics to this list
[email protected]

> Fix for security vulnerability CVE-2012-1592 identified in the National 
> Vulnerability Database
> ----------------------------------------------------------------------------------------------
>
>                 Key: WW-5055
>                 URL: https://issues.apache.org/jira/browse/WW-5055
>             Project: Struts 2
>          Issue Type: Improvement
>            Reporter: Jack Hagan
>            Priority: Major
>              Labels: security
>
> h2. CVE-2012-1592 Detail
> h3. Current Description
> A local code execution issue exists in Apache Struts2 when processing 
> malformed XSLT files, which could let a malicious user upload and execute 
> arbitrary files.
> See a bug report at the following URL:
> [http://seclists.org/bugtraq/2012/Mar/110]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database

Reply via email to