|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 197 CVE : CVE-2005-3745 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : Irene Abezgauz (irene Hacktics com) Published : 22.11.2005
Advisory Text : Background ========== Struts is an open source framework for building web applications. The core of the Struts framework is a flexible control layer based on standard technologies such as Java Servlets, JavaBeans, resource bundles, and the Extensible Markup Language (XML). Struts can be used with different Java engines, such as WebLogic, TomCat, JRun, etc. Scope ===== After identifying in Struts an error message echoing the path back to the user, Hacktics has conducted a research of identifying a cross site scripting vulnerability in the implementation of this error on different application servers. The Finding =========== When attempting to access a non existent Struts action URL (including the Struts URL suffix, e.g. .do), the struts request handler generates an error echoing the path of the requested action. The mechanism generating this error does not perform sufficient input validation nor perform HTML encoding of the output, thus exposing the system, in some environments, to a Cross Site Scripting attack. For detailed description and exploit please visit http://www.hacktics.com/AdvStrutsNov05.html Versions Tested =============== Vulnerable Struts 1.2.7 Running on WebLogic 8.1 SP4 Struts 1.2.7 Running on WebLogic 8.1 SP5 Struts 1.2.7 Running on Resin Web Server Non Vulnerable Struts Running on Apache Tomcat 5.5.9 Struts Running on Apache Tomcat 5.5.12 Solution ======== The Apache Struts group has been notified of this vulnerability on November 3rd, and has fixed the problem in the new Struts release (1.2.8). Upgrading to the new version will eliminate the threat. Alternatively, a work around is available on existing versions by configuring the web server to display custom error messages rather than the default ones. ----------------------- Irene Abezgauz Application Security Consultant Hacktics Ltd. Mobile: +972-54-6545405 Web: http://www.hacktics.com  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |