CVE-2020-17530CISA KEV: Actively Exploited

Apache Struts Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

Public Exploits & PoCs8 found

PoC: CVE-2020-17530

S2-061 的payload,以及对应简单的PoC/Exp

48

PoC: CVE-2020-17530

S2-061 CVE-2020-17530

29

PoC: CVE-2020-17530-strust2-061

CVE-2020-17530-strust2-061

5

PoC: CVE-2020-17530

Apache Struts2框架是一个用于开发Java EE网络应用程序的Web框架。Apache Struts于2020年12月08日披露 S2-061 Struts 远程代码执行漏洞(CVE-2020-17530),在使用某些tag等情况下可能存在OGNL表达式注入漏洞,从而造成远程代码执行,风险极大。提醒我校Apache Struts用户尽快采取安全措施阻止漏洞攻击。

1

PoC: CVE-2020-17530

WHS 3기 장대혁 취약한(CVE) Docker 환경 구성 과제입니다.

PoC: CVE-2020-17530

Vulnerable environment of CVE-2020-17530 (S2-061) for testing

PoC: CVE-2020-17530

Struts2 S2-061 远程命令执行漏洞(CVE-2020-17530)

PoC: freemarker_RCE_struts2_s2-061

(cve-2020-17530) struts2_s2-061 freemarker_RCE testscript

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free