Boletines de Vulnerabilidades

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

Información sobre el sistema
   
Software afectado Cisco

Descripción
Multiple Cisco products include an implementation of the Apache Struts 2component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870.The vulnerability is due to insufficient sanitization on user-supplied input in the XWorks component of the affected software. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Struts%202%20Command%20Execution%20Vulnerability%20in%20Multiple%

Identificadores estándar
Propiedad Valor
CVE CVE-2010-1870.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-07-10

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT