Struts 1.1 vulnerabilities and solutions for WebNMS

Copy code

Permalink

Please tell us why you want to mark the subject as inappropriate. (Maximum 200 characters)

Private Message

From : guest

To :

Subject :

Content :

Type the characters you see in the picture below.

From : guest

To :

Subject :

Content :

Type the characters you see in the picture below.

Feedback

Email ID

Subject :

Comments :

Private Message

Type the characters you see in the picture below.

Attach files

Desktop Google Docs

Each Attachment size should not exceed 5.0 MB. Max no of attachments : 1

Loading User Profile...

guest

Response title

This is preview!

Attachments

()

You can also use the below options to login

New to this Portal?

Click on Join Now to Sign Up

Join Now

Move this topic

Forum :

Sub forum :

WebNMS Framework

venkatram.. Employee

Struts 1.1 vulnerabilities and solutions for WebNMS

in WebNMS Framework • 4 years ago

Team.

We analysed the CVE-2016-1182 vulnerability and found that struts 1.1.x through 1.3.10 do not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

We had changed the relevant struts sources and had got an updated struts jar. Note that the commons-beanutils.jar has to be upgraded to 1.9.3 (from 1.8, the bundled one) for this change.

We had uploaded the zip of these 2 jars (WEB-INF/lib/struts.jar & apache/tomcat/server/lib/commons-beanutils.jar) herewith (in the same directory format).

Please unzip the zip from this link under NMS_HOME and restart the server.
(P.S. If you had been using Tomcat above 6 (7/8/8.5/9), please replace the commons-beanutils.jar under apache/tomcat/lib).

Further reading: Please read this README file for further information.

Change topic type

Topic Type :

No of days :

Link this topic

Provide the permalink of a topic that is related to this topic

Permalink

Reply to venkatramanan's discussion

{"z334277":[56142000000824002]}

Statistics

0 Replies
1307 Views
0 Followers

Actions

Permalink

Response title

Attachments

New to this Portal?

Struts 1.1 vulnerabilities and solutions for WebNMS

Statistics

Tags

Actions