SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Apache Struts OGNL Double Evaluation Remote Code Execution 2

Category: WEB-ATTACKS      

The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0230


Relevant Information