Enhancement: cves/2007/CVE-2007-4556.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-10 09:59:07 -04:00
parent 78d357639d
commit 161cc54399
1 changed files with 3 additions and 2 deletions

@ -1,12 +1,13 @@
id: CVE-2007-4556
info:
name: Apache Struts2 S2-001 - Remote Code Execution
name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
author: pikpikcu
severity: critical
description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
description: "Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character."
reference:
- https://www.guildhab.top/?p=2326
- https://nvd.nist.gov/vuln/detail/CVE-2007-4556
classification:
cve-id: CVE-2007-4556
tags: cve,cve2007,apache,rce,struts
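
Review bot: The new `description:` value is wrapped in double quotes but still contains unescaped double quotes, so the YAML scalar ends early and the template will not parse. The stray quote in `for"m input` closes the string in the middle of the word "form", and the literal `"%{"` and `"}"` sequences would do the same further along. Remove the stray quote so the word reads `form`, then either single-quote the whole value, so the inner double quotes stay literal, or escape each inner quote as `\"`. Separately, the new `name:` drops the `S2-001` bulletin identifier that the old name carried; if that identifier is still useful for searching, consider keeping it in the name or the description.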