Proof of concept
21 Aug 2020
11 Aug 2020
Takeshi Terada of Mitsui Bussan Secure Directions, Inc
How to fix?
Upgrade org.apache.struts:struts2-core to version 2.5.22 or higher.
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Denial of Service (DoS). When a file upload is performed to an Action that exposes the file with a getter, an attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container's temp directory to read-only, such that subsequent upload actions will fail.
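An added example, not part of the advisory or of Struts itself: a small audit script that flags struts2-core versions below 2.5.22 declared in a pom.xml and Action sources containing a public getter that returns java.io.File. The sample POM and Action are constructed, and the regex-based getter search is a heuristic assumed for this example.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 5, 22)  # first fixed version, from the advisory above
FILE_GETTER = re.compile(r"public\s+(?:java\.io\.)?File\s+(get\w+)\s*\(\s*\)")

def parse_version(v):
    """'2.5.10.1' -> (2, 5, 10, 1); '${prop}' or '' -> () (unresolved)."""
    return tuple(int(n) for n in re.findall(r"\d+", v.split("-")[0]))

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any

def struts_versions(pom_xml):
    """Versions declared for org.apache.struts:struts2-core in a pom.xml string."""
    found = []
    for dep in ET.fromstring(pom_xml.strip()).iter():
        if local(dep.tag) != "dependency":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) == ("org.apache.struts", "struts2-core"):
            found.append(f.get("version", ""))
    return found

def audit(pom_xml, java_sources):
    findings = []
    for v in struts_versions(pom_xml):
        if not parse_version(v):  # e.g. a ${property}; resolve it by hand
            findings.append(f"struts2-core version unresolved: {v!r}")
        elif parse_version(v) < FIXED:
            findings.append(f"struts2-core {v} is below 2.5.22")
    for name, src in java_sources.items():  # heuristic: any public File getter
        findings += [f"{name}: {g}() exposes a File through a getter" for g in FILE_GETTER.findall(src)]
    return findings

# Constructed sample inputs (not taken from any real project).
SAMPLE_POM = """
<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies><dependency>
  <groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId>
  <version>2.5.20</version></dependency></dependencies></project>"""
SAMPLE_ACTION = """
public class UploadAction extends ActionSupport {
    private File upload;
    public void setUpload(File upload) { this.upload = upload; }
    public File getUpload() { return upload; }
}"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POM, {"UploadAction.java": SAMPLE_ACTION})))
```

A version that comes from a parent POM or dependencyManagement is not visible to this script; confirm the resolved version with the build tool's dependency report.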