The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

October 25, 2017

Apache Struts 1 is a widely used Java EE web application framework. It offers many kinds of validators to filter user input by using the Apache Commons Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when a user views a JSP page that refers directly to the corrupted data.
