
Possible RCE Solution when performing file upload based on Jakarta Multipart parser (Filter Approach)


fredondiek/struts2_rce_attack_filter


struts2_rce_attack_filter

Reference

https://cwiki.apache.org/confluence/display/WW/S2-045

Audience

Struts 2 Developers

Vulnerability and its risks

Possible RCE when performing file upload based on Jakarta Multipart parser.

Maximum security rating: High

Recommendation

Upgrade to Struts 2.3.32 or Struts 2.5.10.1

Affected Struts versions

Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10

Description

A filter that intercepts all requests coming to the Struts 2 application and rejects those with invalid Content-Types. It is a simple workaround to use while you prepare to migrate to the latest stable release of Struts, as recommended by the Struts team.

The recommended versions as mentioned in the wiki are shown above.
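A sketch of the kind of check such a filter can make, added here as an example and not taken from this repository's code: it allowlists the shape of the Content-Type header and answers anything else with 400 before Struts sees the request. The package, class name `ContentTypeGuardFilter`, the length cap and the exact pattern are assumptions.

```java
package example; // hypothetical package; the repository's filter is test.MultipartRequestFilter

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical allowlist filter: rejects any request whose Content-Type is not well formed. */
public class ContentTypeGuardFilter implements Filter {

    private static final int MAX_LENGTH = 256; // assumed cap; real headers are far shorter

    // type/subtype followed by optional ;name=value parameters. The character sets
    // exclude '$', '%', '{' and '}', so expression syntax can never match.
    private static final Pattern WELL_FORMED = Pattern.compile(
            "[a-z0-9.+-]+/[a-z0-9.+-]+"
            + "(\\s*;\\s*[a-z0-9_.-]+=(\"[^\"\\\\{}$%]*\"|[a-z0-9'()+_,./:=?-]+))*\\s*",
            Pattern.CASE_INSENSITIVE);

    static boolean isAcceptable(String contentType) {
        return contentType.length() <= MAX_LENGTH
                && WELL_FORMED.matcher(contentType).matches();
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Requests without a body (most GETs) carry no Content-Type and pass through.
        String contentType = ((HttpServletRequest) req).getHeader("Content-Type");
        if (contentType != null && !isAcceptable(contentType)) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_BAD_REQUEST, "Invalid Content-Type");
            return; // never reaches the Struts dispatcher or the Jakarta multipart parser
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

For a filter like this to run first, its filter-mapping has to appear in web.xml before the mapping of the Struts filter, because the container invokes filters in mapping order.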

Installation

Include the filter in your web.xml

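    <filter>
        <filter-name>part</filter-name>
        <filter-class>test.MultipartRequestFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>part</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>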

Contact and assistance

Feel free to use the filter, and get in touch about any issue installing or configuring it. [email protected]
