Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell is uploaded and exposed in the web root. I call the exploit attempts below “inspired” by this vulnerability. There are at least two vulnerabilities that could be targeted. I do not have a vulnerable system to test if the exploit will work.
http://news.poseidon-us.com/TGpG8B