FortiClient VulnerabilityApache Struts CVE-2007-4556 Vulnerability
Description
The 'altSyntax' feature of WebWork 2.1+ and Struts 2 allows OGNL expressions to be inserted into text strings and is processed recursively. This allows a malicious user to submit a string, usually through an HTML text field, containing an OGNL expression that will then be executed by the server if the form validation has failed. For example, say we had this form that required the 'phoneNumber' field to not be blank:
Affected Applications
Apache Struts
CVE References
CVE-2007-4556Other References
https://cwiki.apache.org/confluence/display/WW/Security+Bulletins| ID | 41593 |
| Created | Jan 17, 2020 |
| Description Updated |
Dec 14, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | Apache |
| Patch | manual |
| Application | Apache Struts |