CVE-2010-1870

NUCLEI

Struts 2.0.0-2.1.8.1 - RCE

Title source: llm

Description

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/17691

View Code ZIP pw:eip

exploitdb WORKING POC

by Meder Kydyraliev · textremotemultiple

https://www.exploit-db.com/exploits/14360

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by bannedit, Meder Kydyraliev · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts_code_exec.rb

View Code ZIP pw:eip

Nuclei Templates (1)

ListSERV Maestro <= 9.0-8 RCE

MEDIUMby b0yd

Shodan: http.html:"apache struts" || http.title:"struts2 showcase" || http.html:"struts problem report"

FOFA: body="struts problem report" || title="struts2 showcase" || body="apache struts"

References (12)

[Various Sources] http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

[Vendor Advisory] http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html

[Mailing List] http://seclists.org/fulldisclosure/2010/Jul/183

[Mailing List] http://seclists.org/fulldisclosure/2020/Oct/23

[Various Sources] http://struts.apache.org/2.2.1/docs/s2-005.html

[Various Sources] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

[Exploit] http://www.exploit-db.com/exploits/14360

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/41592

[Third Party Advisory, VDB Entry] http://www.osvdb.org/66280

[Third Party Advisory] http://secunia.com/advisories/59110

[Third Party Advisory] http://securityreason.com/securityalert/8345

Scores

EPSS 0.9253

EPSS Percentile 99.7%

Details

Status published

Products (27)

apache/struts 2.0.0

apache/struts 2.0.1

apache/struts 2.0.2

apache/struts 2.0.3

apache/struts 2.0.4

apache/struts 2.0.5

apache/struts 2.0.6

apache/struts 2.0.7

apache/struts 2.0.8

apache/struts 2.0.9

... and 17 more

Published Aug 17, 2010

Tracked Since Feb 18, 2026