1869672 – (CVE-2019-0230) CVE-2019-0230 struts2: possible RCE due to forced double OGNL evaluation when evaluated on raw user input in tag attributes

Bug 1869672 (CVE-2019-0230) - CVE-2019-0230 struts2: possible RCE due to forced double OGNL evaluation when evaluated on raw user input in tag attributes

Summary: CVE-2019-0230 struts2: possible RCE due to forced double OGNL evaluation when...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2019-0230
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1869453
TreeView+	depends on / blocked

Reported:	2020-08-18 13:22 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-08-27 18:42 UTC (History)
CC List:	60 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Apache Struts frameworks. When forced, struts2 performs double evaluation of attributes' values assigned to certain tags attributes such as ID so it is possible to pass a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE). The largest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed:	2020-09-02 13:17:46 UTC

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-08-18 13:22:27 UTC

The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE).

Reference:
https://cwiki.apache.org/confluence/display/WW/S2-059

Comment 1 Product Security DevOps Team 2020-09-02 13:17:46 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-0230

Note You need to log in before you can comment on or make changes to this bug.

aboyko
aileenc
asoldano
atangrin
bbaranow
bmaxwell
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dbecker
dbhole
dkreling
dosoudil
eleandro
extras-orphan
gvarsami
iweiss
java-sig-commits
jawilson
jcoleman
jjelen
jjoyce
jochrist
jperkins
jschluet
jwon
kbasil
kconner
krathod
kwills
ldimaggi
lgao
lhh
loleary
lpeer
mburns
mkolesni
mmraka
msochure
msvehla
nwallace
pjindal
pmackay
psotirop
puntogil
rguimara
rstancel
rsvoboda
rwagner
sclewis
scohen
slinaber
smaestri
spinder
tcunning
theute
tkirby
tom.jenkinson
yozone