Vulnerability-Lookup

CVE-2010-1870 (GCVE-0-2010-1870)

Vulnerability from cvelistv5 – Published: 2010-08-17 17:31 – Updated: 2024-08-07 01:35

Summary

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://confluence.atlassian.com/display/FISHEYE/F…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/14360	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/41592	vdb-entryx_refsource_BID
	http://www.osvdb.org/66280	vdb-entryx_refsource_OSVDB
	http://struts.apache.org/2.2.1/docs/s2-005.html	x_refsource_CONFIRM
	http://secunia.com/advisories/59110	third-party-advisoryx_refsource_SECUNIA
	http://blog.o0o.nu/2010/07/cve-2010-1870-struts2x…	x_refsource_MISC
	http://tools.cisco.com/security/center/content/Ci…	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2010/Jul/183	mailing-listx_refsource_FULLDISC
	http://securityreason.com/securityalert/8345	third-party-advisoryx_refsource_SREASON
	http://seclists.org/fulldisclosure/2020/Oct/23	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/159643/LISTS…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
          },
          {
            "name": "14360",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14360"
          },
          {
            "name": "41592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41592"
          },
          {
            "name": "66280",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/66280"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "name": "59110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
          },
          {
            "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
          },
          {
            "name": "8345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8345"
          },
          {
            "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:06:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
        },
        {
          "name": "14360",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14360"
        },
        {
          "name": "41592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41592"
        },
        {
          "name": "66280",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/66280"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
        },
        {
          "name": "59110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
        },
        {
          "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
        },
        {
          "name": "8345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8345"
        },
        {
          "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
              "refsource": "CONFIRM",
              "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
            },
            {
              "name": "14360",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14360"
            },
            {
              "name": "41592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41592"
            },
            {
              "name": "66280",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/66280"
            },
            {
              "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
              "refsource": "CONFIRM",
              "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
            },
            {
              "name": "59110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59110"
            },
            {
              "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
              "refsource": "MISC",
              "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
            },
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
            },
            {
              "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
            },
            {
              "name": "8345",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8345"
            },
            {
              "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
            },
            {
              "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1870",
    "datePublished": "2010-08-17T17:31:00.000Z",
    "dateReserved": "2010-05-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:35:53.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2014-AVI-307

Vulnerability from certfr_avis - Published: 2014-07-10 - Updated: 2014-07-10

Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Media Experience Engine (MXE) 3500 Series
Cisco	N/A	Cisco Business Edition 3000 Series
Cisco	N/A	Cisco Unified Contact Center Enterprise (Cisco Unified CCE)
Cisco	Identity Services Engine	Cisco Identity Services Engine (ISE)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20140709-struts2 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20140709-struts2 du 09 juillet 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Media Experience Engine (MXE) 3500 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Business Edition 3000 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Enterprise (Cisco Unified CCE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine (ISE)",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1870"
    }
  ],
  "initial_release_date": "2014-07-10T00:00:00",
  "last_revision_date": "2014-07-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140709-struts2 du 09    juillet 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
    }
  ],
  "reference": "CERTFR-2014-AVI-307",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140709-struts2 du 09 juillet 2014",
      "url": null
    }
  ]
}

CERTA-2011-AVI-011

Vulnerability from certfr_avis - Published: 2011-01-12 - Updated: 2011-03-17

Une vulnérabilité dans Struts version 2 permet à un attaquant d'exécuter du code Java à distance.

Description

Une erreur dans l'évaluation des paramètres des requêtes au serveur par le module XWork, inclus dans Struts, permet à un attaquant d'exécuter du code arbitraire à distance. Cette vulnérabilité affecte également le logiciel VMware vCenter Orchestrator.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Struts	Struts versions 2.0.0 à 2.1.8.1 ;
	VMware	N/A	VMware vCenter Orchestrator 4.0 et 4.1.

References

Title

Publication Time

Tags

Bulletin de sécurité Apache Struts S2-005 du 16 Août 2010	None	vendor-advisory
Article KB de VMware 1034175 du 16 mars 2011	None	vendor-advisory
Article KB de Vmware 1034175 du 16 mars 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Struts versions 2.0.0 \u00e0 2.1.8.1 ;",
      "product": {
        "name": "Struts",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Orchestrator 4.0 et 4.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur dans l\u0027\u00e9valuation des param\u00e8tres des requ\u00eates au serveur par\nle module XWork, inclus dans Struts, permet \u00e0 un attaquant d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance. Cette vuln\u00e9rabilit\u00e9 affecte \u00e9galement le\nlogiciel VMware vCenter Orchestrator.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1870"
    }
  ],
  "initial_release_date": "2011-01-12T00:00:00",
  "last_revision_date": "2011-03-17T00:00:00",
  "links": [
    {
      "title": "Article KB de Vmware 1034175 du 16 mars 2011 :",
      "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1034175"
    }
  ],
  "reference": "CERTA-2011-AVI-011",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences concernant VMware vCO.",
      "revision_date": "2011-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eStruts\u003c/span\u003e version 2\npermet \u00e0 un attaquant d\u0027ex\u00e9cuter du code Java \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Struts",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Struts S2-005 du 16 Ao\u00fbt 2010",
      "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
    },
    {
      "published_at": null,
      "title": "Article KB de VMware 1034175 du 16 mars 2011",
      "url": null
    }
  ]
}

GHSA-X5FC-PGPX-59J5

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2023-08-17 16:14

Summary

Server side object manipulation in Apache Struts

Details

OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in S2-003, but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-1870"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T19:11:38Z",
    "nvd_published_at": "2010-08-17T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the \u0027#\u0027-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in [S2-003](https://cwiki.apache.org/confluence/display/WW/S2-003), but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.",
  "id": "GHSA-x5fc-pgpx-59j5",
  "modified": "2023-08-17T16:14:30Z",
  "published": "2022-05-13T01:14:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1870"
    },
    {
      "type": "WEB",
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-003"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
    },
    {
      "type": "WEB",
      "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
    },
    {
      "type": "WEB",
      "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Server side object manipulation in Apache Struts"
}

CVE-2010-1870

Vulnerability from fstec - Published: 31.05.2010

Title

Уязвимость реализации класса преобразования выражений OGNL (Object-Graph Navigation Language) структуры шаблонов команд XWork программной платформы Apache Struts, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольные команды

Description

Уязвимость реализации класса преобразования выражений OGNL (Object-Graph Navigation Language) структуры шаблонов команд XWork программной платформы Apache Struts связана с недостатками разграничения доступа при использовании класса ParametersInterceptor с параметром #. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности и выполнить произвольные команды с помощью специально созданных объектов #context, #_memberAccess, #root, #this, #_typeResolver, #_classResolver, #_traceEvaluations, #_lastEvaluation, #_keepLastEvaluation

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vendor

IBM Corp., Apache Software Foundation, Atlassian, Cisco Systems Inc.

Software Name

IBM Call Center for Commerce, Struts, Fisheye, Crucible, Cisco Identity Services Engine, Cisco Unified Contact Center Enterprise, Cisco Media Experience Engine (MXE) 3500 Series

Software Version

9.5.0 (IBM Call Center for Commerce), 10.0 (IBM Call Center for Commerce), от 2.0.0 до 2.1.8.1 включительно (Struts), до 2.3.2 включительно (Fisheye), до 2.3.2 включительно (Crucible), до 1.0.4.573-6 (Cisco Identity Services Engine), от 1.1.0.665 до 1.1.0.665-4 (Cisco Identity Services Engine), от 1.1.1.268 до 1.1.1.268-6 (Cisco Identity Services Engine), от 1.1.2.145 до 1.1.2.145-9 (Cisco Identity Services Engine), от 1.1.3.124 до 1.1.3.124-4 (Cisco Identity Services Engine), от 1.1.4.218 до 1.1.4.218-4 (Cisco Identity Services Engine), от 1.2.0.0 до 1.2.0.899 (Cisco Identity Services Engine), от 10.5 до 10.5(1) (Cisco Unified Contact Center Enterprise), от 8.5(4) до 8.5(4)ES37 (Cisco Unified Contact Center Enterprise), от 9.0(4) до 9.0(4)ES39 (Cisco Unified Contact Center Enterprise), от 9.0(3) до 9.0(3)ES13 (Cisco Unified Contact Center Enterprise), до 3.3.2 (Cisco Media Experience Engine (MXE) 3500 Series)

Possible Mitigations

Использование рекомендаций: Для Apache Struts: https://cwiki.apache.org/confluence/display/WW/S2-005 Для программных продуктов Atlassian: https://confluence.atlassian.com/fisheye/fisheye-security-advisory-2010-06-16-960161732.html Для программных продуктов IBM: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-call-center-and-apache-struts-struts-upgrade-strategy-various-cves-see-below/ Для программных продуктов Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2 Компенсирующие меры: Следующая дополнительная конфигурация interceptor-ref поможет исключить вредоносные параметры: <interceptor-ref name="params"> <param name="excludeParams">dojo\..*,^struts\..*,.*\\.*,.*\(.*,.*\).*,.*@.*</param> </interceptor-ref>

Reference

https://confluence.atlassian.com/fisheye/fisheye-security-advisory-2010-06-16-960161732.html https://www.ibm.com/blogs/psirt/security-bulletin-ibm-call-center-and-apache-struts-struts-upgrade-strategy-various-cves-see-below/ https://nvd.nist.gov/vuln/detail/CVE-2010-1870 https://cwiki.apache.org/confluence/display/WW/S2-005 https://seclists.org/fulldisclosure/2010/Jul/183 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "IBM Corp., Apache Software Foundation, Atlassian, Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9.5.0 (IBM Call Center for Commerce), 10.0 (IBM Call Center for Commerce), \u043e\u0442 2.0.0 \u0434\u043e 2.1.8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Struts), \u0434\u043e 2.3.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Fisheye), \u0434\u043e 2.3.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Crucible), \u0434\u043e 1.0.4.573-6 (Cisco Identity Services Engine), \u043e\u0442 1.1.0.665 \u0434\u043e 1.1.0.665-4 (Cisco Identity Services Engine), \u043e\u0442 1.1.1.268 \u0434\u043e 1.1.1.268-6 (Cisco Identity Services Engine), \u043e\u0442 1.1.2.145 \u0434\u043e 1.1.2.145-9 (Cisco Identity Services Engine), \u043e\u0442 1.1.3.124 \u0434\u043e 1.1.3.124-4 (Cisco Identity Services Engine), \u043e\u0442 1.1.4.218 \u0434\u043e 1.1.4.218-4 (Cisco Identity Services Engine), \u043e\u0442 1.2.0.0 \u0434\u043e 1.2.0.899 (Cisco Identity Services Engine), \u043e\u0442 10.5 \u0434\u043e 10.5(1) (Cisco Unified Contact Center Enterprise), \u043e\u0442 8.5(4) \u0434\u043e 8.5(4)ES37 (Cisco Unified Contact Center Enterprise), \u043e\u0442 9.0(4) \u0434\u043e 9.0(4)ES39 (Cisco Unified Contact Center Enterprise), \u043e\u0442 9.0(3) \u0434\u043e 9.0(3)ES13 (Cisco Unified Contact Center Enterprise), \u0434\u043e 3.3.2 (Cisco Media Experience Engine (MXE) 3500 Series)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache Struts:\nhttps://cwiki.apache.org/confluence/display/WW/S2-005\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Atlassian:\nhttps://confluence.atlassian.com/fisheye/fisheye-security-advisory-2010-06-16-960161732.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM:\nhttps://www.ibm.com/blogs/psirt/security-bulletin-ibm-call-center-and-apache-struts-struts-upgrade-strategy-various-cves-see-below/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Cisco:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f interceptor-ref \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b:\n\n\u003cinterceptor-ref name=\"params\"\u003e\n    \u003cparam name=\"excludeParams\"\u003edojo\\..*,^struts\\..*,.*\\\\.*,.*\\(.*,.*\\).*,.*@.*\u003c/param\u003e\n\u003c/interceptor-ref\u003e",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2010",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.10.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.10.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06074",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-1870",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "IBM Call Center for Commerce, Struts, Fisheye, Crucible, Cisco Identity Services Engine, Cisco Unified Contact Center Enterprise, Cisco Media Experience Engine (MXE) 3500 Series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OGNL (Object-Graph Navigation Language) \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434 XWork \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Apache Struts, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439 OGNL (Object-Graph Navigation Language) \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432 \u043a\u043e\u043c\u0430\u043d\u0434 XWork \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Apache Struts \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 ParametersInterceptor \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c #. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 #context, #_memberAccess, #root, #this, #_typeResolver, #_classResolver, #_traceEvaluations, #_lastEvaluation, #_keepLastEvaluation",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://confluence.atlassian.com/fisheye/fisheye-security-advisory-2010-06-16-960161732.html\nhttps://www.ibm.com/blogs/psirt/security-bulletin-ibm-call-center-and-apache-struts-struts-upgrade-strategy-various-cves-see-below/\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1870\nhttps://cwiki.apache.org/confluence/display/WW/S2-005\nhttps://seclists.org/fulldisclosure/2010/Jul/183\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)"
}

FKIE_CVE-2010-1870

Vulnerability from fkie_nvd - Published: 2010-08-17 20:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
cve@mitre.org	http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16	Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
cve@mitre.org	http://seclists.org/fulldisclosure/2010/Jul/183
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Oct/23
cve@mitre.org	http://secunia.com/advisories/59110
cve@mitre.org	http://securityreason.com/securityalert/8345
cve@mitre.org	http://struts.apache.org/2.2.1/docs/s2-005.html
cve@mitre.org	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
cve@mitre.org	http://www.exploit-db.com/exploits/14360	Exploit
cve@mitre.org	http://www.osvdb.org/66280
cve@mitre.org	http://www.securityfocus.com/bid/41592
af854a3a-2127-422b-91ae-364da2661108	http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
af854a3a-2127-422b-91ae-364da2661108	http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2010/Jul/183
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Oct/23
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59110
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8345
af854a3a-2127-422b-91ae-364da2661108	http://struts.apache.org/2.2.1/docs/s2-005.html
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/14360	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/66280
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41592

Impacted products

Vendor	Product	Version
apache	struts	2.0.0
apache	struts	2.0.1
apache	struts	2.0.2
apache	struts	2.0.3
apache	struts	2.0.4
apache	struts	2.0.5
apache	struts	2.0.6
apache	struts	2.0.7
apache	struts	2.0.8
apache	struts	2.0.9
apache	struts	2.0.10
apache	struts	2.0.11
apache	struts	2.0.11.1
apache	struts	2.0.11.2
apache	struts	2.0.12
apache	struts	2.0.13
apache	struts	2.0.14
apache	struts	2.1.0
apache	struts	2.1.1
apache	struts	2.1.2
apache	struts	2.1.3
apache	struts	2.1.4
apache	struts	2.1.5
apache	struts	2.1.6
apache	struts	2.1.8
apache	struts	2.1.8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3A90B7-C632-4D3E-9A4F-21E46D273B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC32348E-7EF4-411C-9A44-CD041ABFA0E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F4A58E-F3D4-4711-A37E-EA538B112371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFFCC96F-FD87-4495-B8A5-19D7898D5662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "662A2E4B-A76A-4498-98A6-F90DF65C62B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA687B56-A09B-4741-84F1-2BD9569A3F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC0E358-8B4D-480B-BFAE-966CB697310A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B3348C-1086-4A16-97E3-52DB65FF860A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C65711D-9C5B-4644-A12D-82243CB6FB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1FA9A7-2C8E-4651-9400-190198528642",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
    },
    {
      "lang": "es",
      "value": "La capacidad OGNL extensive expression evaluation en XWork de Struts v2.0.0 hasta v2.1.8.1, como el usado en Atlassian Fisheye, Crucible,y posiblemente otros productos, usa una lista blanca permisiva, la cual permite a atacantes remotos modificar los objetos del contexto del lado del servidor y evitar el mecanismo de protecci\u00f3n \"#\" en ParameterInterceptors a trav\u00e9s de (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, y posiblemente otras variables de contexto OGNL, una vulnerabilidad diferente de CVE-2008-6504."
    }
  ],
  "id": "CVE-2010-1870",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-17T20:00:03.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/59110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8345"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14360"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/66280"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/41592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/66280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41592"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-1870

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-1870

Aliases

CVE-2010-1870

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1870",
    "description": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
    "id": "GSD-2010-1870",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-1870.html",
      "https://packetstormsecurity.com/files/cve/CVE-2010-1870"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1870"
      ],
      "details": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
      "id": "GSD-2010-1870",
      "modified": "2023-12-13T01:21:32.084221Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-1870",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
            "refsource": "CONFIRM",
            "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
          },
          {
            "name": "14360",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/14360"
          },
          {
            "name": "41592",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/41592"
          },
          {
            "name": "66280",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/66280"
          },
          {
            "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
            "refsource": "CONFIRM",
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "name": "59110",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59110"
          },
          {
            "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
            "refsource": "MISC",
            "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
          },
          {
            "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
          },
          {
            "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
          },
          {
            "name": "8345",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8345"
          },
          {
            "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
          },
          {
            "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2-alpha0,2.1.8.1]",
          "affected_versions": "All versions starting from 2-alpha0 up to 2.1.8.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2014-07-24",
          "description": "The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
          "fixed_versions": [
            "2.2.1"
          ],
          "identifier": "CVE-2010-1870",
          "identifiers": [
            "CVE-2010-1870"
          ],
          "not_impacted": "All versions before 2-alpha0, all versions after 2.1.8.1",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2010-08-17",
          "solution": "Upgrade to version 2.2.1 or above.",
          "title": "XWork ParameterInterceptors bypass allows remote command execution",
          "urls": [
            "http://struts.apache.org/docs/s2-005.html"
          ],
          "uuid": "1a9f6efb-96d6-4ca8-97f7-8aa353dd20d5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1870"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14360",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/14360"
            },
            {
              "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
            },
            {
              "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
            },
            {
              "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
            },
            {
              "name": "41592",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/41592"
            },
            {
              "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
            },
            {
              "name": "66280",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/66280"
            },
            {
              "name": "8345",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8345"
            },
            {
              "name": "59110",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59110"
            },
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
            },
            {
              "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
            },
            {
              "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-10-20T22:15Z",
      "publishedDate": "2010-08-17T20:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1870 (GCVE-0-2010-1870)

CERTFR-2014-AVI-307

Solution

CERTA-2011-AVI-011

Description

Solution

GHSA-X5FC-PGPX-59J5

CVE-2010-1870

FKIE_CVE-2010-1870

GSD-2010-1870

Tags

Sightings

Nomenclature