XWork 'ParameterInterceptor' Class OGNL (CVE-2010-1870) Security Bypass Vulnerability

Bugtraq ID: 41592
Class: Design Error
CVE: CVE-2010-1870
Remote: Yes
Local: No
Published: Jul 13 2010 12:00AM
Updated: Sep 01 2014 12:13AM
Credit: Meder Kydyraliev
Vulnerable: VMWare vCenter Orchestrator 4.1
VMWare vCenter Orchestrator 4.0
OpenSymphony XWork 2.1.5
OpenSymphony XWork 2.1
OpenSymphony XWork 2.0.6
OpenSymphony XWork 2.0.5
OpenSymphony XWork 2.0.4
OpenSymphony XWork 2.0.3
OpenSymphony XWork 2.0.2
OpenSymphony XWork 2.0.1
Cisco Unified Contact Center Enterprise 0
Atlassian Fisheye 2.3.4
Atlassian Fisheye 2.2.3
Atlassian Crucible 2.3.2
Atlassian Crucible 2.2.3
Apache Software Foundation Struts 2.1.8.1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1
Apache Software Foundation Struts 2.0.12
Apache Software Foundation Struts 2.0.11.2
Apache Software Foundation Struts 2.0.11.1
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0
Apache Software Foundation Archiva 1.3.4
Apache Software Foundation Archiva 1.3.3
Apache Software Foundation Archiva 1.3.1
Apache Software Foundation Archiva 1.3.5
Apache Software Foundation Archiva 1.3
Not Vulnerable: Cisco Media Experience Engine (MXE) 5600 1.0
Atlassian Fisheye 2.3.1
Atlassian Crucible 2.3.3
Apache Software Foundation Struts 2.2


 

Copyright 2010, SecurityFocus