CVE-2016-1000031

Date: October 25, 2016

Overview

Remote code execution is possible if an application uses the built-in file upload mechanism in Apache Struts versions 2.3.36 and prior. That mechanism is backed by the Apache Commons FileUpload library, which is where the vulnerability actually resides: a crafted serialized DiskFileItem object, when deserialized, writes attacker-controlled content to an attacker-chosen path on the server. From there an attacker can typically run arbitrary code on the affected system and reach anything the application can reach, including its databases.

Details

Apache Struts is an open-source, convention-over-configuration MVC framework for building Java web applications, and it is heavily relied upon in enterprise Java projects. Struts 2 parses multipart (file upload) requests with the Apache Commons FileUpload library by default. An application running an affected Struts 2 release is therefore exposed when it relies on that default upload mechanism; running an affected Struts release together with an updated Commons FileUpload library (version 1.3.3 or later) is safe.

The flaw lies in DiskFileItem, the Commons FileUpload class that represents one uploaded item and spools large uploads to a temporary file on disk. DiskFileItem is Serializable and implements its own writeObject() and readObject(). On deserialization, readObject() recreates the item's temporary file under the repository directory recorded in the stream and fills it with the cached content carried in the stream (or, when no cached content is present, copies an existing file named in the stream into it and deletes the original). Every one of those fields comes from the serialized data, so an attacker who can get the application to deserialize a crafted DiskFileItem chooses both the destination path and the bytes written. That amounts to arbitrary file write, and file movement, on the server. Dropping a JSP, a script or a library into a location the server executes turns this into remote code execution; a common outcome is retrieval of the application's code and exposure of the data it holds, including database contents.

Two practical caveats. First, DiskFileItem is a deserialization gadget: it only needs to be on the classpath, and the attack still requires an entry point at which the application deserializes attacker-supplied Java objects. Second, Commons FileUpload 1.3.3 closes the hole by disabling deserialization of DiskFileItem unless it is explicitly re-enabled through the system property org.apache.commons.fileupload.disk.DiskFileItem.serializable, and by validating the repository path when it is enabled; leaving that property unset is the intended, safe configuration.

Affected Environments

Apache Struts is widely deployed in enterprise production environments, so a large number of applications are exposed to CVE-2016-1000031. Apache Struts version 2.3.36 and prior, which bundle an affected Commons FileUpload, are vulnerable. Any other application or library that carries its own copy of Commons FileUpload prior to 1.3.3, whether as a direct dependency, a transitive one, or a shaded copy inside a fat jar, is affected in the same way, with or without Struts.
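Because the affected library can arrive transitively or shaded, checking a deployment by Struts version alone is not enough. The script below is an added example written for this advisory, not code from Apache Struts, Commons FileUpload or the advisory's publisher. It walks a directory tree, opens every jar/war/ear, reads the Maven pom.properties that Commons FileUpload ships under its real coordinates (commons-fileupload:commons-fileupload), falls back to the jar file name, and flags archives that contain a DiskFileItem.class with no metadata at all, since those cannot be cleared by version. The deployment it scans in the demo is constructed in a temporary directory with placeholder class bytes; the function and file names are the example's own.

```python
"""Find copies of Apache Commons FileUpload older than 1.3.3 in a deployment tree.

Added example for the advisory above; not code from Apache Struts, Commons
FileUpload or the advisory's publisher. Sample archives are constructed by
build_sample_tree() and contain no real bytecode.
"""
import io
import re
import zipfile
from pathlib import Path

FIXED_VERSION = (1, 3, 3)  # first release with the DiskFileItem readObject() fix
POM_PROPS = "META-INF/maven/commons-fileupload/commons-fileupload/pom.properties"
GADGET_CLASS = "org/apache/commons/fileupload/disk/DiskFileItem.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
JAR_NAME_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text):
    """'1.3.2' -> (1, 3, 2). Qualifiers such as '-SNAPSHOT' are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_vulnerable(version):
    """True below 1.3.3, False at or above it, None when the version is unknown."""
    if version == "unknown":
        return None
    return parse_version(version) < FIXED_VERSION


def fileupload_version(archive, label):
    """Version of Commons FileUpload inside an open ZipFile; 'unknown' if only the
    gadget class is present (shaded copy); None if the library is not in it."""
    names = archive.namelist()
    if POM_PROPS in names:
        props = archive.read(POM_PROPS).decode("utf-8", "replace")
        for line in props.splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    if any(name.endswith("fileupload/disk/DiskFileItem.class") for name in names):
        match = JAR_NAME_RE.search(label)
        return match.group(1) if match else "unknown"
    return None


def inspect_archive(archive, label, findings):
    """Record this archive, then recurse into jars nested in it (e.g. WEB-INF/lib)."""
    version = fileupload_version(archive, label)
    if version is not None:
        findings.append((label, version, is_vulnerable(version)))
    for name in archive.namelist():
        if name.lower().endswith(".jar"):
            try:
                nested = zipfile.ZipFile(io.BytesIO(archive.read(name)))
            except zipfile.BadZipFile:
                continue  # not a real jar; skip it rather than abort the scan
            with nested:
                inspect_archive(nested, f"{label}!{name}", findings)


def scan(root):
    """Return [(archive label, version, vulnerable)] for every copy found under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.suffix.lower() in ARCHIVE_SUFFIXES and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                inspect_archive(archive, path.relative_to(root).as_posix(), findings)
    return findings


def build_sample_tree(root):
    """Constructed deployment: a vulnerable jar, a fixed jar, an unrelated jar, and a
    war whose WEB-INF/lib holds a shaded copy with no Maven metadata."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True, exist_ok=True)
    for version in ("1.3.2", "1.3.3"):
        with zipfile.ZipFile(lib / f"commons-fileupload-{version}.jar", "w") as jar:
            jar.writestr(POM_PROPS, "groupId=commons-fileupload\n"
                                    f"artifactId=commons-fileupload\nversion={version}\n")
            jar.writestr(GADGET_CLASS, b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(lib / "other.jar", "w") as jar:
        jar.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
    shaded = io.BytesIO()
    with zipfile.ZipFile(shaded, "w") as jar:
        jar.writestr("vendor/shaded/org/apache/commons/fileupload/disk/DiskFileItem.class",
                     b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(Path(root) / "app.war", "w") as war:
        war.writestr("WEB-INF/lib/vendor-all.jar", shaded.getvalue())


def demo():
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan(tmp)


if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "fixed", None: "REVIEW (version unknown)"}
    for label, version, vulnerable in demo():
        print(f"{labels[vulnerable]:24} {version:8} {label}")
```

Run it against a real tree with `scan("/opt/tomcat/webapps")` (path assumed). Anything reported as VULNERABLE needs the upgrade below; anything reported as REVIEW is a relocated copy whose version must be confirmed from its build, because a shaded DiskFileItem older than 1.3.3 is just as usable as a gadget as the unshaded one.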

Remediation

Upgrade the Commons FileUpload library to version 1.3.3 or later. Where the library arrives transitively through Struts 2.3.36 or prior, pin commons-fileupload explicitly in the build so that the newer version wins, and confirm the deployed artifact no longer carries the old copy.

Prevention

Apply vendor-supplied patches.
Upgrade commons-fileupload to 1.3.3 or later, overriding it explicitly in the build where it is pulled in transitively.
Use a different file upload mechanism until the library is updated.
On JVMs that support serialization filtering (JEP 290; Java 9, and backported to 8u121), add a filter such as jdk.serialFilter that rejects org.apache.commons.fileupload.** so the gadget cannot be deserialized even if an old copy remains on the classpath.

Language: Java

Good to know:

Weakness: Improper Access Control (CWE-284)
Fix: Upgrade commons-fileupload to version 1.3.3 or later

CVSS v3 Base Score: 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial