Endpoint Vulnerability

Apache Struts security advisory S2-012

Description

OGNL provides, among other features, extensive expressionevaluation capabilities.A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into a property, afterward used as request parameter of a redirect address, which will cause a further evaluation.

Affected Products

Apache Struts

References

CVE-2013-1965,