Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-ORGAPACHESTRUTSXWORK-30790
- published 17 Jun 2014
- disclosed 8 Jan 2012
- credit Unknown
The ParameterInterceptor component in Apache Struts before 126.96.36.199 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.