In association with heise online

6 November 2008, 12:05

Patch for Apache Struts closes two holes

Apache Struts, an open source framework for Java-based web applications, has been found to contain two vulnerabilities. A directory traversal vulnerability in the "FilterDispatcher" and "DefaultStaticContentLoader" classes allows attackers to traverse the server path and download files without permission. Another vulnerability allows server-side objects to be manipulated using specially crafted OGNL (Object-Graph Navigation Language) commands. This problem is rated as critical by the developers.

Apache Struts versions 2.0.0 up to and including 2.0.11.2 are affected. Version 2.0.12 no longer contains the flaws and the developers urgently recommend that users update immediately.
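To check a deployment inventory against the version range given above, the following added example (not part of the original article or of the Struts project) classifies Struts core jars by file name. It assumes the jars follow the Maven-style name struts2-core-<version>.jar; the sample paths are constructed.

```python
import re

# Range stated in the article: 2.0.0 up to and including 2.0.11.2 (fixed in 2.0.12).
FIRST_AFFECTED = (2, 0, 0)
LAST_AFFECTED = (2, 0, 11, 2)

# Assumption: jars are named struts2-core-<dotted version>.jar.
JAR_RE = re.compile(r"(?:^|[/\\])struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '2.0.11.2' into (2, 0, 11, 2) so parts compare numerically.
    Comparing the raw strings would wrongly rank '2.0.9' above '2.0.11.2'."""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=4):
    """Pad with zeros so 2.0.11 and 2.0.11.0 compare as equal."""
    return version + (0,) * (width - len(version))


def is_affected(version_text):
    """True if the version lies inside the range stated in the article."""
    version = pad(parse_version(version_text))
    return pad(FIRST_AFFECTED) <= version <= pad(LAST_AFFECTED)


def audit(paths):
    """Return {path: status} for every Struts core jar found in paths."""
    report = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            affected = is_affected(match.group(1))
            report[path] = "affected" if affected else "outside stated range"
    return report


# Constructed sample inventory (e.g. the output of a file search for *.jar).
SAMPLE_PATHS = [
    "/srv/app1/WEB-INF/lib/struts2-core-2.0.9.jar",
    "/srv/app2/WEB-INF/lib/struts2-core-2.0.11.2.jar",
    "/srv/app3/WEB-INF/lib/struts2-core-2.0.12.jar",
    "/srv/app3/WEB-INF/lib/commons-logging-1.0.4.jar",
]

if __name__ == "__main__":
    for jar, status in audit(SAMPLE_PATHS).items():
        print(f"{status:22} {jar}")
```

"outside stated range" only means the article makes no statement about that version; it is not a verdict on other release lines.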

(djwm)
