Recently, several serious vulnerabilities have been found in the Apache Struts web application framework. Using the Application Firewall’s signature feature, Citrix was able to quickly produce new signatures that would block any attempt to exploit the Struts vulnerabilities. These signatures can be found at: http://support.citrix.com/article/ctx138807. They will also be part of the next set of regular signature updates provided by Citrix.
The following are links to information on the Struts vulnerabilities:
- Information following “action:”, “redirect:”, or “redirectAction:” is not properly sanitized: http://struts.apache.org/release/2.3.x/docs/s2-016.html
- A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack: http://struts.apache.org/development/2.x/docs/s2-014.html
- Filters designed to prevent attackers from calling arbitrary methods within parameters can be bypassed: http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
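The signatures above run inside the Application Firewall; a defender reviewing web server logs after the fact can apply the same two observations the advisories make (a parameter name beginning with one of the unsanitized prefixes, or an OGNL expression marker inside a parameter) as a triage heuristic. The following is an added example written for this page, not Citrix's signature logic or Struts project code; the access-log entries, client addresses and expression bodies are constructed, and the `${`/`%{` marker check is an assumption about what a probe looks like, not a reproduction of any signature.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter-name prefixes that the S2-016 advisory describes as not properly sanitized.
UNSAFE_PREFIXES = ("action:", "redirect:", "redirectAction:")

# Start of an OGNL expression; the S2-014 class delivered OGNL through a crafted
# request parameter. Treating either marker as suspicious is this example's assumption.
OGNL_START = re.compile(r"[%$]\{")

# Request line of a combined-format access log entry (constructed layout for this example).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*"')

# Constructed sample log lines: one benign request, one with an unsanitized-prefix
# parameter name, one with an expression marker inside a parameter value.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jul/2013:10:00:01 +0000] "GET /app/login.action?user=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [18/Jul/2013:10:00:02 +0000] "GET /app/login.action?redirect:%25%7Bx%7D HTTP/1.1" 302 0',
    '198.51.100.7 - - [18/Jul/2013:10:00:03 +0000] "POST /app/save.action?name=%24%7Bexpr%7D HTTP/1.1" 500 0',
]


def findings_for_target(target):
    """Inspect one request target (path plus query string) and return a list of
    (reason, parameter_name) pairs explaining why it resembles a Struts probe.

    parse_qsl performs one round of percent-decoding, so a prefix that arrived
    URL-encoded is still matched; keep_blank_values keeps 'redirect:...' style
    parameters that carry no '=' at all.
    """
    findings = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.startswith(UNSAFE_PREFIXES):
            findings.append(("unsafe-prefix", name))
        if OGNL_START.search(name) or OGNL_START.search(value):
            findings.append(("ognl-marker", name))
    return findings


def scan_log(lines):
    """Return [(client_ip, method, target, findings)] for every log entry that
    triggered at least one heuristic; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, method, target = match.groups()
        findings = findings_for_target(target)
        if findings:
            hits.append((client, method, target, findings))
    return hits


if __name__ == "__main__":
    for client, method, target, findings in scan_log(SAMPLE_LOG):
        reasons = ", ".join(f"{reason} ({name})" for reason, name in findings)
        print(f"{client} {method} {target} -> {reasons}")
```

This decodes only one layer of percent-encoding and looks only at the query string; a firewall signature additionally normalizes the request body and double-encoded or otherwise obfuscated input before matching, so treat this as a log-review aid that points at entries worth a closer look, not as a substitute for the signature update.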