Description

The default upload mechanism in Apache Struts 2 is based on Commons FileUpload version 1.3 which is vulnerable and allows DoS attacks. Additional ParametersInterceptor allows access to 'class' parameter which is directly mapped to getClass() method and allows ClassLoader manipulation.

Remediation

Upgrade to Struts 2.3.16.2.

References

Apache Struts S2-020

Related Vulnerabilities

Perl code injection

WooFramework shortcode exploit

RCE in SQL Server Reporting Services (SSRS)

Microsoft IIS 6.0 WebDAV Buffer Overflow

ColdFusion FlashGateway Deserialization RCE CVE-2019-7091

Severity

High

Classification

CVE-2014-0094 CVE-2014-0050 CWE-701 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Denial Of Service