lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Oct 2013 12:13:34 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products Advisory ID: cisco-sa-20131023-struts2 Revision 1.0 For Public Release 2013 October 23 16:00 UTC (GMT) ====================================================================== Summary - ------- Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 should contact their Cisco representative for available options. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJn58YACgkQUddfH3/BbTqtIAD8CazUZc6aTemD1bZtDxo/oi/W W33zrOUz45kD8clR/7QA/julEKAMtCsAR7O2Q9zdsitg5kK/z9M2UBVVG/tWix3G =sr+X -----END PGP SIGNATURE-----
Powered by blists - more mailing lists