1æ29æ¥ã¾ã§ã«æããã«ãªã£ãèå¼±æ§æ å ±ã®ãã¡ãæ°ã«ãªããã®ãç´¹ä»ãã¾ããããããããã³ãã¼ãæä¾ããæ å ±ãªã©ãåèã«å¯¾å¦ãã¦ãã ããã Struts 2.3.1.2ãªãªã¼ã¹ï¼2012/01/22ï¼ Webã¢ããªã±ã¼ã·ã§ã³ãã¬ã¼ã ã¯ã¼ã¯Strutsã®ãã¼ã¸ã§ã³2.3.1.2ããªãªã¼ã¹ããã¾ããããã®ãã¼ã¸ã§ã³ã§ã¯ãParametersInterceptorã«çµã¿è¾¼ã¾ãã¦ããé²è·æ©è½ãè¿åãã¦ãOGNLï¼Object Graph Navigation Languageï¼ã使ã£ãä»»æã®ã³ã¼ãå®è¡ã許ãã¦ãã¾ãèå¼±æ§ï¼CVE-2011-3923ï¼ã解決ãã¦ãã¾ããStruts 2.0.0ï½2.3.1.1ã«å½±é¿ãããã¾ãã Apache Strutsï¼ParameterInterceptor vulnerability allows remote command execution Apache
{{#tags}}- {{label}}
{{/tags}}