One Article Review
| Source |  Fortinet |
|---|---|
| Identifiant | 424309 |
| Date de publication | 2017-10-25 11:50:59 (vue: 2017-10-25 11:50:59) |
| Titre | The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899) |
| Texte | Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data. |
| Notes | |
| Envoyé | Oui |
| Condensat | 0899 2015 allowing analysis apache application arbitrary attack attacker both bug bypass can common convenient corrupted cross cve data database directly dirty easily fast field file filter form framework however input java jsp kinds library many offers popularly possibly process refers resulting scripting site struts submit used user using validation validator validators views web when which |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.