FKIE_CVE-2008-6504

Vulnerability from fkie_nvd - Published: 2009-03-23 14:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
References
cve@mitre.orghttp://fisheye6.atlassian.com/cru/CR-9/Patch
cve@mitre.orghttp://issues.apache.org/struts/browse/WW-2692Exploit
cve@mitre.orghttp://jira.opensymphony.com/browse/XW-641Exploit
cve@mitre.orghttp://osvdb.org/49732
cve@mitre.orghttp://secunia.com/advisories/32495Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32497Vendor Advisory
cve@mitre.orghttp://struts.apache.org/2.x/docs/s2-003.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/bid/32101
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3003Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3004
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46328
af854a3a-2127-422b-91ae-364da2661108http://fisheye6.atlassian.com/cru/CR-9/Patch
af854a3a-2127-422b-91ae-364da2661108http://issues.apache.org/struts/browse/WW-2692Exploit
af854a3a-2127-422b-91ae-364da2661108http://jira.opensymphony.com/browse/XW-641Exploit
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49732
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32497Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://struts.apache.org/2.x/docs/s2-003.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32101
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3003Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3004
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46328
Impacted products
Vendor Product Version
opensymphony xwork 2.0.0
opensymphony xwork 2.0.1
opensymphony xwork 2.0.2
opensymphony xwork 2.0.3
opensymphony xwork 2.0.4
opensymphony xwork 2.0.5
opensymphony xwork 2.1.0
opensymphony xwork 2.1.1
apache struts 2.0.0
apache struts 2.0.2
apache struts 2.0.3
apache struts 2.0.4
apache struts 2.0.5
apache struts 2.0.6
apache struts 2.0.7
apache struts 2.0.8
apache struts 2.0.9
apache struts 2.0.11
apache struts 2.0.11.1
apache struts 2.0.11.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB359E4-7D59-4124-855D-8E9CF71554CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF27EEA-B36A-4FA1-BC8F-37003457FD53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ABB7703-3606-4983-ADCE-829A3291ED66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "89891ADF-86DD-4921-81CA-8482FA6AD156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DB2D6F-008C-4132-B7A5-86366AE4C551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1AC722-E97E-4EA2-A6F6-9C6EED5131E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "318A2710-854A-44BB-8A9D-C5C360BC48E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opensymphony:xwork:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32976658-0BE5-42E2-A466-7CB9FF5ABF40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
    },
    {
      "lang": "es",
      "value": "ParametersInterceptor en OpenSymphony XWork 2.0.x antes de 2.0.6 y 2.1.x antes de 2.1.2, tal como se utiliza en Apache Struts y otros productos, no restringe adecuadamente las referencias # (almohadilla) a objetos de contexto, lo que permite a atacantes remotos ejecutar sentencias OGNL (Object-Graph Navigation Language) y modificar los objetos del contexto del lado del servidor contexto objetos, como lo demuestra el uso de una representaci\u00f3n \\u0023 del car\u00e1cter #."
    }
  ],
  "id": "CVE-2008-6504",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-23T14:19:12.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://fisheye6.atlassian.com/cru/CR-9/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://issues.apache.org/struts/browse/WW-2692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://jira.opensymphony.com/browse/XW-641"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://struts.apache.org/2.x/docs/s2-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32101"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3004"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://fisheye6.atlassian.com/cru/CR-9/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://issues.apache.org/struts/browse/WW-2692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://jira.opensymphony.com/browse/XW-641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://struts.apache.org/2.x/docs/s2-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.