Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
2015年7月21日
危険度: 中
情報公開日: 7 21, 2015
概要
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1004982
Trend Micro Deep Security DPI Rule Name: 1004982 - Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
影響を受けるソフトウェア
- Apache Struts