Apache Struts security advisory S2-009

Description

OGNL provides, among other features, extensive expression evaluation capabilities. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the ParametersInterceptor, and thus to inject a malicious expression into any exposed string variable for further evaluation.

Affected Applications

Apache Struts