Analysis of Struts Vulnerabilities in Parameters & Cookie Interceptors

Apache Struts vulnerabilities and back-to-back releases/security announcements S2-022/2014-0116/S2-020 have been released. These vulnerabilities let an attacker get to the internal properties of Struts. Exploit works by modifying the naming scheme of log files and the location where log files are stored to root directory, where Web application code is stored. When the attacker sends a request containing malicious script, this will get logged into the log file, which may have a name and extension of the attackers choice.”]

Source: https://securityintelligence.com/struts-vulnerabilities-analysis-parameters-cookie-interceptors-impact-exploitation/

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

Feedback and data-driven updates to Googles disclosure policy

Mozilla Says Google's New Ad Tech - FLoC - Doesn't Protect User Privacy

Selling technology to cops, part 2

Launching AnonLeaks, Ready To Dump More HBGary E-mails!

RSA: Geolocation shows just how dead privacy is

Categories

Partners

Just add here your partners image or promo text