XWork AltSyntax OGNL Input Validation Vulnerability

Bugtraq ID: 25524
Class: Input Validation Error
CVE: CVE-2007-4556
Remote: Yes
Local: No
Published: Sep 04 2007 12:00AM
Updated: Mar 13 2008 03:01PM
Credit: Andrea Vettori discovered this vulnerability.
Vulnerable: OpenSymphony XWork 2.0.3
OpenSymphony XWork 2.0.2
OpenSymphony XWork 2.0.1
OpenSymphony WebWork 2.2.5
OpenSymphony WebWork 2.2.4
OpenSymphony WebWork 2.2.3
OpenSymphony WebWork 2.2.2
OpenSymphony WebWork 2.2.1
OpenSymphony WebWork 2.2
OpenSymphony WebWork 2.1
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.1
Not Vulnerable: OpenSymphony XWork 2.0.4
OpenSymphony WebWork 2.2.6
Apache Struts 2.0.9


 

Privacy Statement
Copyright 2010, SecurityFocus