o0o security research has posted a review of the SEC Consult Vulnerability Lab Security Advisory on Apache Struts2 along with a remote code execution exploit.
The problem, in brief, is that Struts2 fails to properly handle user input. A malicious user can elevate privileges by exploiting a design flaw in how HTTP parameter names are [...]
[[ This is a summary only. Read more at flyingpenguin.com ]]