[jira] [Commented] (WW-4063) Remote code execution in Struts2 via expression language execution

Rene Gielen (JIRA) Wed, 01 May 2013 23:24:21 -0700

    [ 
https://issues.apache.org/jira/browse/WW-4063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647339#comment-13647339
 ]


Rene Gielen commented on WW-4063:
---------------------------------

Please contact the Struts security team via email: security at struts.apache.org
See also http://struts.apache.org/security.html
                
> Remote code execution in Struts2 via expression language execution
> ------------------------------------------------------------------
>
>                 Key: WW-4063
>                 URL: https://issues.apache.org/jira/browse/WW-4063
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Expression Language
>    Affects Versions: 2.3.14
>         Environment: Mac OS X 10.7
>            Reporter: Coverity Security Research Laboratory
>              Labels: security
>
> Struts2 under certain configurations is vulnerable to remote code execution 
> via the interpretation of EL and OGNL. Since this is I'm assuming a publicly 
> accessible issue, please let me know if I should add a reproducer to this 
> issue or if I should communicate this reproducer though another mechanism.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (WW-4063) Remote code execution in Struts2 via expression language execution

Reply via email to