HTTP: Apache Struts CookieInterceptor Security Bypass
This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can allow an attacker to bypass the Java security policies and load malicious class files. Successful exploitation of this vulnerability can lead to arbitrary code execution.
Extended Description
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
Affected Products
Apache struts
References
BugTraq: 67218
CVE: CVE-2014-0116
URL: http://struts.apache.org/release/2.3.x/docs/s2-022.html
Short Name
HTTP:APACHE:STRUTS-CI-SECBYPASS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache Bypass CVE-2014-0116 CookieInterceptor Security Struts bid:67218
Release Date
06/06/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Apache
CVSS Score
5.8