|
|
XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
|
Bugtraq ID:
|
32101
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2008-6504
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Nov 04 2008 12:00AM
|
|
Updated:
|
Mar 27 2009 07:46PM
|
|
Credit:
|
Meder Kydyraliev, Google Security Team
|
|
Vulnerable:
|
OpenSymphony XWork 2.0.5
OpenSymphony XWork 2.0.4
OpenSymphony XWork 2.0.3
OpenSymphony XWork 2.0.2
OpenSymphony XWork 2.0.1
Apache Software Foundation Struts 2.0.11 .2
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0
|
|
|
|
Not Vulnerable:
|
OpenSymphony XWork 2.0.6
Apache Software Foundation Struts 2.0.12
|
|
|
