Vulnerability-Lookup

CVE-2008-6504 (GCVE-0-2008-6504)

Vulnerability from cvelistv5 – Published: 2009-03-23 14:00 – Updated: 2024-08-07 11:34

Summary

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/32495	third-party-advisoryx_refsource_SECUNIA
	http://fisheye6.atlassian.com/cru/CR-9/	x_refsource_CONFIRM
	http://struts.apache.org/2.x/docs/s2-003.html	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/3003	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2008/3004	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/32101	vdb-entryx_refsource_BID
	http://secunia.com/advisories/32497	third-party-advisoryx_refsource_SECUNIA
	http://jira.opensymphony.com/browse/XW-641	x_refsource_CONFIRM
	http://issues.apache.org/struts/browse/WW-2692	x_refsource_CONFIRM
	http://osvdb.org/49732	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:34:47.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32495"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fisheye6.atlassian.com/cru/CR-9/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://struts.apache.org/2.x/docs/s2-003.html"
          },
          {
            "name": "xwork-parameterinterceptor-security-bypass(46328)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
          },
          {
            "name": "ADV-2008-3003",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3003"
          },
          {
            "name": "ADV-2008-3004",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3004"
          },
          {
            "name": "32101",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32101"
          },
          {
            "name": "32497",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32497"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.opensymphony.com/browse/XW-641"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.apache.org/struts/browse/WW-2692"
          },
          {
            "name": "49732",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49732"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32495"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fisheye6.atlassian.com/cru/CR-9/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://struts.apache.org/2.x/docs/s2-003.html"
        },
        {
          "name": "xwork-parameterinterceptor-security-bypass(46328)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
        },
        {
          "name": "ADV-2008-3003",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3003"
        },
        {
          "name": "ADV-2008-3004",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3004"
        },
        {
          "name": "32101",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32101"
        },
        {
          "name": "32497",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32497"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.opensymphony.com/browse/XW-641"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.apache.org/struts/browse/WW-2692"
        },
        {
          "name": "49732",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49732"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32495"
            },
            {
              "name": "http://fisheye6.atlassian.com/cru/CR-9/",
              "refsource": "CONFIRM",
              "url": "http://fisheye6.atlassian.com/cru/CR-9/"
            },
            {
              "name": "http://struts.apache.org/2.x/docs/s2-003.html",
              "refsource": "CONFIRM",
              "url": "http://struts.apache.org/2.x/docs/s2-003.html"
            },
            {
              "name": "xwork-parameterinterceptor-security-bypass(46328)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
            },
            {
              "name": "ADV-2008-3003",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3003"
            },
            {
              "name": "ADV-2008-3004",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3004"
            },
            {
              "name": "32101",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32101"
            },
            {
              "name": "32497",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32497"
            },
            {
              "name": "http://jira.opensymphony.com/browse/XW-641",
              "refsource": "CONFIRM",
              "url": "http://jira.opensymphony.com/browse/XW-641"
            },
            {
              "name": "http://issues.apache.org/struts/browse/WW-2692",
              "refsource": "CONFIRM",
              "url": "http://issues.apache.org/struts/browse/WW-2692"
            },
            {
              "name": "49732",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49732"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6504",
    "datePublished": "2009-03-23T14:00:00.000Z",
    "dateReserved": "2009-03-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T11:34:47.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2008-6504

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-6504

Aliases

CVE-2008-6504

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-6504",
    "description": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
    "id": "GSD-2008-6504"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-6504"
      ],
      "details": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
      "id": "GSD-2008-6504",
      "modified": "2023-12-13T01:23:02.651046Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-6504",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32495",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32495"
          },
          {
            "name": "http://fisheye6.atlassian.com/cru/CR-9/",
            "refsource": "CONFIRM",
            "url": "http://fisheye6.atlassian.com/cru/CR-9/"
          },
          {
            "name": "http://struts.apache.org/2.x/docs/s2-003.html",
            "refsource": "CONFIRM",
            "url": "http://struts.apache.org/2.x/docs/s2-003.html"
          },
          {
            "name": "xwork-parameterinterceptor-security-bypass(46328)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
          },
          {
            "name": "ADV-2008-3003",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3003"
          },
          {
            "name": "ADV-2008-3004",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3004"
          },
          {
            "name": "32101",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32101"
          },
          {
            "name": "32497",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32497"
          },
          {
            "name": "http://jira.opensymphony.com/browse/XW-641",
            "refsource": "CONFIRM",
            "url": "http://jira.opensymphony.com/browse/XW-641"
          },
          {
            "name": "http://issues.apache.org/struts/browse/WW-2692",
            "refsource": "CONFIRM",
            "url": "http://issues.apache.org/struts/browse/WW-2692"
          },
          {
            "name": "49732",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/49732"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.0-alpha0,2.0.5],[2.1-alpha0,2.1.1]",
          "affected_versions": "All versions starting from 2.0-alpha0 up to 2.0.5, all versions starting from 2.1-alpha0 up to 2.1.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2017-08-16",
          "description": "`ParametersInterceptor` does not properly restrict `#` (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a `\\u0023` representation for the `#` character.",
          "fixed_versions": [
            "2.0.6",
            "2.1.2"
          ],
          "identifier": "CVE-2008-6504",
          "identifiers": [
            "CVE-2008-6504"
          ],
          "not_impacted": "All versions before 2.0-alpha0, all versions after 2.0.5 before 2.1-alpha0, all versions after 2.1.1",
          "package_slug": "maven/com.opensymphony/xwork",
          "pubdate": "2009-03-23",
          "solution": "Upgrade to versions 2.0.6, 2.1.2 or above.",
          "title": "ParameterInterceptors bypass allows OGNL statement execution",
          "urls": [
            "http://struts.apache.org/release/2.2.x/docs/s2-003.html",
            "http://web.archive.org/web/20111023074138/http://jira.opensymphony.com/browse/XW-641",
            "https://fisheye6.atlassian.com/cru/CR-9/#CFR-8",
            "https://issues.apache.org/jira/browse/WW-2692"
          ],
          "uuid": "4e9f9fac-f1ee-4e1e-88f5-80451eb9d01a"
        },
        {
          "affected_range": "[0.5,1)",
          "affected_versions": "All versions starting from 0.5 before 1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2017-08-16",
          "description": "Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a `#` representation for the `#` character.",
          "fixed_versions": [
            "2.1.3"
          ],
          "identifier": "CVE-2008-6504",
          "identifiers": [
            "CVE-2008-6504"
          ],
          "not_impacted": "All versions before 0.5, all versions starting from 1",
          "package_slug": "maven/org.apache.jackrabbit/oak-core",
          "pubdate": "2009-03-23",
          "solution": "Upgrade to version 2.1.3 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "http://struts.apache.org/release/2.2.x/docs/s2-003.html",
            "https://issues.apache.org/jira/browse/WW-2692",
            "http://web.archive.org/web/20111023074138/http://jira.opensymphony.com/browse/XW-641",
            "https://fisheye6.atlassian.com/cru/CR-9/#CFR-8"
          ],
          "uuid": "28d25cab-f0a8-4c05-aabe-5e7e947175fc"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:opensymphony:xwork:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6504"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://issues.apache.org/struts/browse/WW-2692",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://issues.apache.org/struts/browse/WW-2692"
            },
            {
              "name": "32497",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32497"
            },
            {
              "name": "http://fisheye6.atlassian.com/cru/CR-9/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://fisheye6.atlassian.com/cru/CR-9/"
            },
            {
              "name": "32495",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32495"
            },
            {
              "name": "http://jira.opensymphony.com/browse/XW-641",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://jira.opensymphony.com/browse/XW-641"
            },
            {
              "name": "http://struts.apache.org/2.x/docs/s2-003.html",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://struts.apache.org/2.x/docs/s2-003.html"
            },
            {
              "name": "ADV-2008-3003",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3003"
            },
            {
              "name": "32101",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32101"
            },
            {
              "name": "49732",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/49732"
            },
            {
              "name": "ADV-2008-3004",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3004"
            },
            {
              "name": "xwork-parameterinterceptor-security-bypass(46328)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:29Z",
      "publishedDate": "2009-03-23T14:19Z"
    }
  }
}

GHSA-WXW2-2MX5-C5QF

Vulnerability from github – Published: 2022-05-17 02:11 – Updated: 2022-11-01 22:34

Summary

Improper Input Validation in OpenSymphony XWork

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.opensymphony:xwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.opensymphony:xwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2008-6504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T22:34:44Z",
    "nvd_published_at": "2009-03-23T14:19:00Z",
    "severity": "MODERATE"
  },
  "details": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
  "id": "GHSA-wxw2-2mx5-c5qf",
  "modified": "2022-11-01T22:34:44Z",
  "published": "2022-05-17T02:11:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6504"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
    },
    {
      "type": "WEB",
      "url": "http://fisheye6.atlassian.com/cru/CR-9"
    },
    {
      "type": "WEB",
      "url": "http://issues.apache.org/struts/browse/WW-2692"
    },
    {
      "type": "WEB",
      "url": "http://jira.opensymphony.com/browse/XW-641"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32495"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32497"
    },
    {
      "type": "WEB",
      "url": "http://struts.apache.org/2.x/docs/s2-003.html"
    },
    {
      "type": "WEB",
      "url": "http://web.archive.org/web/20081119232431/jira.opensymphony.com/browse/XW-641"
    },
    {
      "type": "WEB",
      "url": "http://web.archive.org/web/20130807023152/https://fisheye6.atlassian.com/cru/CR-9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32101"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3003"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Input Validation in OpenSymphony XWork"
}

FKIE_CVE-2008-6504

Vulnerability from fkie_nvd - Published: 2009-03-23 14:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://fisheye6.atlassian.com/cru/CR-9/	Patch
cve@mitre.org	http://issues.apache.org/struts/browse/WW-2692	Exploit
cve@mitre.org	http://jira.opensymphony.com/browse/XW-641	Exploit
cve@mitre.org	http://osvdb.org/49732
cve@mitre.org	http://secunia.com/advisories/32495	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32497	Vendor Advisory
cve@mitre.org	http://struts.apache.org/2.x/docs/s2-003.html	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/32101
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3003	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3004
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46328
af854a3a-2127-422b-91ae-364da2661108	http://fisheye6.atlassian.com/cru/CR-9/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://issues.apache.org/struts/browse/WW-2692	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://jira.opensymphony.com/browse/XW-641	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/49732
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32495	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32497	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://struts.apache.org/2.x/docs/s2-003.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32101
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3003	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3004
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46328

Impacted products

Vendor	Product	Version
opensymphony	xwork	2.0.0
opensymphony	xwork	2.0.1
opensymphony	xwork	2.0.2
opensymphony	xwork	2.0.3
opensymphony	xwork	2.0.4
opensymphony	xwork	2.0.5
opensymphony	xwork	2.1.0
opensymphony	xwork	2.1.1
apache	struts	2.0.0
apache	struts	2.0.2
apache	struts	2.0.3
apache	struts	2.0.4
apache	struts	2.0.5
apache	struts	2.0.6
apache	struts	2.0.7
apache	struts	2.0.8
apache	struts	2.0.9
apache	struts	2.0.11
apache	struts	2.0.11.1
apache	struts	2.0.11.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB359E4-7D59-4124-855D-8E9CF71554CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF27EEA-B36A-4FA1-BC8F-37003457FD53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ABB7703-3606-4983-ADCE-829A3291ED66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "89891ADF-86DD-4921-81CA-8482FA6AD156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DB2D6F-008C-4132-B7A5-86366AE4C551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1AC722-E97E-4EA2-A6F6-9C6EED5131E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "318A2710-854A-44BB-8A9D-C5C360BC48E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32976658-0BE5-42E2-A466-7CB9FF5ABF40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
    },
    {
      "lang": "es",
      "value": "ParametersInterceptor en OpenSymphony XWork 2.0.x antes de 2.0.6 y 2.1.x antes de 2.1.2, tal como se utiliza en Apache Struts y otros productos, no restringe adecuadamente las referencias # (almohadilla) a objetos de contexto, lo que permite a atacantes remotos ejecutar sentencias OGNL (Object-Graph Navigation Language) y modificar los objetos del contexto del lado del servidor contexto objetos, como lo demuestra el uso de una representaci\u00f3n \\u0023 del car\u00e1cter #."
    }
  ],
  "id": "CVE-2008-6504",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-23T14:19:12.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://fisheye6.atlassian.com/cru/CR-9/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://issues.apache.org/struts/browse/WW-2692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://jira.opensymphony.com/browse/XW-641"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://struts.apache.org/2.x/docs/s2-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3004"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://fisheye6.atlassian.com/cru/CR-9/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://issues.apache.org/struts/browse/WW-2692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://jira.opensymphony.com/browse/XW-641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://struts.apache.org/2.x/docs/s2-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-403

Vulnerability from certfr_avis - Published: 2019-08-20 - Updated: 2019-08-20

De multiples vulnérabilités ont été découvertes dans Apache Struts. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Struts	Apache Struts versions antérieures à 2.5.17
	Apache	Struts	Apache Struts versions antérieures à 2.3.35

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-6504 (GCVE-0-2008-6504)

GSD-2008-6504

GHSA-WXW2-2MX5-C5QF

FKIE_CVE-2008-6504

CERTFR-2019-AVI-403

Solution

Tags

Sightings

Nomenclature