漏洞信息详情
Apache Struts 代码执行漏洞
- CNNVD编号:CNNVD-202008-743 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2019-0230
- 漏洞类型: 代码执行
- 发布时间: 2020-08-13
- 威胁类型: 远程
- 更新时间: 2021-10-21
- 厂 商:
- 漏洞来源: Matthias Kaiser
-
漏洞简介
Apache Struts是美国阿帕奇(Apache)基金会的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。
Apache Struts 2.0.0版本至2.5.20版本中存在代码执行漏洞。攻击者可借助特制的请求利用该漏洞执行代码。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://cwiki.apache.org/confluence/display/ww/s2-059
参考网址
来源:struts.apache.org
链接:https://struts.apache.org/announce.html#a20200813
来源:MLIST
链接:https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
来源:MISC
链接:https://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
来源:MISC
链接:https://cwiki.apache.org/confluence/display/ww/s2-059
来源:MISC
链接:https://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujan2021.html
来源:MISC
链接:https://launchpad.support.sap.com/#/notes/2982840
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:MLIST
链接:https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuApr2021.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpujan2021.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-disclosed-vulnerability-affects-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-col/
来源:cxsecurity.com
链接:https://cxsecurity.com/issue/WLB-2020110136
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-3/
来源:www.exploit-db.com
链接:https://www.exploit-db.com/exploits/49068
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-struts-affect-tivoli-netcool-omnibus-webgui-cve-2019-0233-cve-2019-0230/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-struts-affect-ibm-tivoli-application-dependency-discovery-manager/
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Struts-code-execution-via-Double-OGNL-Evaluation-33073
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2803/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-0230
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-disclosed-vulnerability-affects-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-col-4/
来源:cxsecurity.com
链接:https://cxsecurity.com/issue/WLB-2020120172
受影响实体
暂无
补丁
- Apache Struts 安全漏洞的修复措施<!--2020-8-13-->
还没有评论,来说两句吧...