The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

October 26, 2017

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

Read more...

Previous Article
Why ICSA Advanced Threat Defense for Email is So Important
Why ICSA Advanced Threat Defense for Email is So Important

Verizon’s 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that ...

Next Article
CHIME 17 Event Preview: Understanding Your Patients’ Cybersecurity Concerns
CHIME 17 Event Preview: Understanding Your Patients’ Cybersecurity Concerns

Healthcare and IT are becoming increasingly intertwined as technology enables patient-centric care, more ef...