Bug 773164 – CVE-2012-0393 struts: remote creation or overwrite of arbitrary files due ParamterInterceptor not preventing access to public constructors

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 773164 - (CVE-2012-0393) CVE-2012-0393 struts: remote creation or overwrite of arbitrary files due ParamterInterceptor not preventing access to public constructors

Summary:	CVE-2012-0393 struts: remote creation or overwrite of arbitrary files due Par...

Status:	CLOSED NOTABUG

Aliases:	CVE-2012-0393

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20111225,repor...
Keywords:	Security

Depends On:
Blocks:	773173
	Show dependency tree / graph

Reported:	2012-01-11 01:03 EST by Vincent Danen
Modified:	2012-01-12 23:11 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-01-12 23:11:50 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Vincent Danen 2012-01-11 01:03:47 EST

Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0393 to
the following vulnerability:

Name: CVE-2012-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0393
Assigned: 20120108
Reference: BUGTRAQ:20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2
Reference: http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
Reference: EXPLOIT-DB:18329
Reference: http://www.exploit-db.com/exploits/18329
Reference: https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
Reference: http://struts.apache.org/2.x/docs/s2-008.html
Reference: http://struts.apache.org/2.x/docs/version-notes-2311.html
Reference: SECUNIA:47393
Reference: http://secunia.com/advisories/47393

The ParameterInterceptor component in Apache Struts before 2.3.1.1
does not prevent access to public constructors, which allows remote
attackers to create or overwrite arbitrary files via a crafted
parameter that triggers the creation of a Java object.

Comment 1 David Jorm 2012-01-12 23:10:46 EST

This issue only affects struts 2.

Comment 2 David Jorm 2012-01-12 23:11:50 EST

Statement:

Not Vulnerable. This issue does not affect the versions of struts as shipped
with various Red Hat products.

Note You need to log in before you can comment on or make changes to this bug.