Bug 807485 - (CVE-2012-1592) CVE-2012-1592 struts2: xsltResult local code execution flaw
CVE-2012-1592 struts2: xsltResult local code execution flaw
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120322,repo...
: Security
Depends On:
Blocks: 807487
  Show dependency treegraph
 
Reported: 2012-03-27 18:08 EDT by Vincent Danen
Modified: 2012-03-28 19:09 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-28 19:09:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-03-27 18:08:22 EDT
It was reported [1] that Apache Struts2 suffers from a local code execution flaw when processing malformed XSLT files.  This could allow a malicious remote user able to upload an arbitrary file and then view it (such as a graphics file), and execute arbitrary code with the privileges of the struts2 process user.

NOTE: During normal usage, applications that receive untrusted input/files from remote users are expected to properly sanity-check the file and, if nothing else, not immediately make the file uploaded by an untrusted user, available to an untrusted user, without first checking the file.

[1] http://seclists.org/bugtraq/2012/Mar/110
Comment 1 Vincent Danen 2012-03-28 11:39:47 EDT
This was assigned CVE-2012-1592 as per:

http://www.openwall.com/lists/oss-security/2012/03/28/12
Comment 2 David Jorm 2012-03-28 19:09:00 EDT
Statement:

Not Vulnerable. This issue only affects struts 2, it does not affect the
versions of struts as shipped with various Red Hat products.

Note You need to log in before you can comment on or make changes to this bug.