Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2020-17530 | Apache Struts Remote Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2020-17530 is a remote code execution vulnerability in Apache Struts versions 2.0.0 - 2.5.25 allows an attacker to execute code via forced Object Graph Navigational Language (OGNL).
References
|
| CVE-2020-17530 | Apache Struts Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2020-17530 is a remote code execution vulnerability in Apache Struts versions 2.0.0 - 2.5.25 allows an attacker to execute arbitrary code via forced Object Graph Navigational Language (OGNL) evaluation on raw user input in tag attributes.
References
|