Results for Apache Struts 1

Threat Research

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

By Dehui YinOctober 25, 2017