java-classes: add struts namespaces #1177

Merged
merged 1 commit into from Sep 13, 2018

@lifeforms
Collaborator

lifeforms commented Aug 24, 2018

Some new Struts payload was found to use a gadget under the org.apache.struts2 namespace, so include these Struts namespaces in the Java classes blacklist for good measure.

(We are already detecting this payload via other rules.)

See also: http://blog.atucom.net/2018/08/apache-struts-2-vulnerability-exploit.html

@lifeforms lifeforms added this to the CRS v3.2.0 milestone Aug 24, 2018

@lifeforms lifeforms requested a review from spartantri Aug 24, 2018

@spartantri
Collaborator

spartantri left a comment

thanks for adding :)

@dune73

Collaborator

dune73 commented Sep 13, 2018

Thank you @lifeforms.

@dune73 dune73 merged commit 0c30856 into SpiderLabs:v3.2/dev Sep 13, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed