CVE-2008-6504

NONECVSS 0.0

0.0

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.

🔗 References (22)

cve@mitrehttp://fisheye6.atlassian.com/cru/CR-9/
cve@mitrehttp://issues.apache.org/struts/browse/WW-2692
cve@mitrehttp://jira.opensymphony.com/browse/XW-641
cve@mitrehttp://osvdb.org/49732
cve@mitrehttp://secunia.com/advisories/32495
cve@mitrehttp://secunia.com/advisories/32497
cve@mitrehttp://struts.apache.org/2.x/docs/s2-003.html
cve@mitrehttp://www.securityfocus.com/bid/32101
cve@mitrehttp://www.vupen.com/english/advisories/2008/3003
cve@mitrehttp://www.vupen.com/english/advisories/2008/3004
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/46328
af854a3a-2127-422b-91ae-364da2661108http://fisheye6.atlassian.com/cru/CR-9/
af854a3a-2127-422b-91ae-364da2661108http://issues.apache.org/struts/browse/WW-2692
af854a3a-2127-422b-91ae-364da2661108http://jira.opensymphony.com/browse/XW-641
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49732

Is Your Infrastructure Affected by CVE-2008-6504?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-6504

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-6504?