On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary remote execution capabilities on a victim’s server. Using the corresponding proof of concept (POC), Contrast Labs was able to reproduce the attack and confirm that Contrast Protect and Contrast Assess customers are already protected from the vulnerability being exploited.
The post Contrast Labs: Apache Struts CVE-2020-17530 appeared first on Security Boulevard.
The post Contrast Labs: Apache Struts CVE-2020-17530 appeared first on Malware Devil.
https://malwaredevil.com/2020/12/18/contrast-labs-apache-struts-cve-2020-17530/?utm_source=rss&utm_medium=rss&utm_campaign=contrast-labs-apache-struts-cve-2020-17530
No comments:
Post a Comment