安全公告编号:CNTA-2020-0026
2020nian12yue8ri������,guojiaxinxianquanloudonggongxiangpingtai(cnvd)shoululeapache struts2 yuanchengdaimazhixingloudong(cnvd-2020-69833������,duiyingcve-2020-17530)������。gongjizheliyonggailoudong������,kezaiweishouquan������deqingkuangxiayuanchengzhixingdaima������。muqian������,loudongxijieyigongkai������,changshangyifabushengjibanbenxiufuciloudong������。
一、漏洞情况分析
struts2��������shidierdaijiyumodel-view-controller(mvc)moxing��������dejavaqiyejiwebyingyongkuangjia��������,chengweiguoneiwaijiaoweiliuxing��������derongqiruanjianzhongjianjian��������。
2020nian12yue8ri������,apache strust2fabuzuixinanquangonggao������,apache struts2cunzaiyuanchengdaimazhixing������degaoweiloudong(cve-2020-17530)������。youyustruts2huiduiyixiebiaoqianshuxing������deshuxingzhijinxingercijiexi������,dangzheixiebiaoqianshuxingshiyongle `%{x}` qie `x` ������dezhiyonghukekongshi������,gongjizheliyonggailoudong������,ketongguogouzaotedingcanshu������,huodemubiaofuwuqi������dequanxian������,shixianyuanchengdaimazhixinggongji������。
亚博APPcnvdduigailoudong������dezonghepingjiwei“gaowei”������。
二、漏洞影响范围
亚博APPloudongyingxiang�����dechanpinbanbenbaokuo:
亚博APPstruts 2.0.0-2.5.25
三、漏洞处置建议
亚博APPjingzonghejishuyanpan������,gailoudong������deliyongtiaojianjiaogao������,nanyijinxingdaguimoliyong������。apachegongsiyifabulexinbanben(2.5.26)xiufulegailoudong������,cnvdjianyiyonghujishishengjizhizuixinbanben:
fu:cankaolianjie:
ganxiecnvdjishuzuzhichengdanwei——beijingzhidaochuangyuxinxijishugufenyouxiangongsi�������、qianxinkejijituangufenyouxiangongsiweibenbaogaotigong�������dejishuzhichi�������。
(编辑:CNVD)
