BID:50940

Apache Struts Session Tampering Security Bypass Vulnerability

Info

Apache Struts Session Tampering Security Bypass Vulnerability

Bugtraq ID:	50940
Class:	Input Validation Error
CVE:	CVE-2011-5057
Remote:	Yes
Local:	No
Published:	Dec 07 2011 12:00AM
Updated:	Jan 10 2012 10:00PM
Credit:	Hisato Killing
Vulnerable:	Apache Software Foundation Struts 2.1.8 .1 Apache Software Foundation Struts 2.0.9

Not Vulnerable:

Discussion

Apache Struts Session Tampering Security Bypass Vulnerability

Apache Struts is prone to a security-bypass vulnerability that allows session tampering.

Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access.

Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected.

Exploit / POC

Apache Struts Session Tampering Security Bypass Vulnerability

The following example URI is available:

http://www.example.com/SomeAction.action?session.somekey=someValue

Solution / Fix

Apache Struts Session Tampering Security Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

References

Apache Struts Session Tampering Security Bypass Vulnerability

References:

A session value is overwrited by requesting. (Apache)
Implementing SessionAware allows session tampering (Apache)
Struts Homepage (Apache Software Foundation)