CVE-2010-1870
Server side object manipulation in Apache Struts
Description
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in [S2-003](https://cwiki.apache.org/confluence/display/WW/S2-003), but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.
How to fix CVE-2010-1870
To remediate CVE-2010-1870, upgrade the affected package to a fixed version below.
- Upgrade Apache Struts to 2.2.1 or later
Is CVE-2010-1870 being exploited?
Likely — EPSS is 92.5%, placing CVE-2010-1870 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Apache Struts: all versions from 0 up to, but not including, 2.2.1 (fixed in 2.2.1)