Security Vulnerabilities fixed in Apache Struts S2-021

Description

The excluded parameter pattern introduced in version 2.3.16.1 to block access to the getClass() method was not sufficient: it can be bypassed with specially crafted requests. CookieInterceptor is vulnerable to the same kind of attack when it is configured to accept all cookies (when "*" is used to configure the cookiesName param).
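The cookie-side exposure comes down to a single interceptor setting. The struts.xml fragment below is an added illustration, not text from the advisory or code from the Struts project: the first interceptor stack shows the permissive `*` value for `cookiesName` that the description warns about, the second restricts CookieInterceptor to an explicit list of cookie names. The cookie names `lang` and `theme`, the package name and the action class are assumptions made for the example.

```xml
<!-- Added example (not from the advisory or the Struts project). -->
<package name="example" extends="struts-default">

  <interceptors>
    <!-- Weak: "*" tells CookieInterceptor to map every incoming cookie
         onto action properties, so any cookie name a client chooses is
         treated like a request parameter (the exposure described for S2-021). -->
    <interceptor-stack name="permissiveCookieStack">
      <interceptor-ref name="cookie">
        <param name="cookiesName">*</param>
      </interceptor-ref>
      <interceptor-ref name="defaultStack"/>
    </interceptor-stack>

    <!-- Hardened: only the cookies the action actually reads are mapped.
         "lang" and "theme" are assumed application cookies for this example;
         cookiesName accepts a comma-separated list of names. -->
    <interceptor-stack name="restrictedCookieStack">
      <interceptor-ref name="cookie">
        <param name="cookiesName">lang,theme</param>
      </interceptor-ref>
      <interceptor-ref name="defaultStack"/>
    </interceptor-stack>
  </interceptors>

  <!-- Make the restricted stack the default for the package. -->
  <default-interceptor-ref name="restrictedCookieStack"/>

  <action name="preferences" class="com.example.PreferencesAction">
    <result>/preferences.jsp</result>
  </action>
</package>
```

Naming the cookies explicitly narrows what reaches the parameter-setting logic, which is the setting the description singles out; it complements, rather than replaces, upgrading to a Struts release that carries the corrected exclusion pattern.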

Affected Applications

Apache Struts

CVE References

CVE-2014-0112, CVE-2014-0113