CVE-2021-31805

Description from NVD

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tagâ€™s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

Information Acquisition Date:2022-08-14T14:48Z

CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://cwiki.apache.org/confluence/display/WW/S2-062
source:MISC
tags:Mitigation Patch Vendor Advisory

[oss-security] 20220412 CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
source:MLIST
tags:Mailing List Mitigation Third Party Advisory

https://security.netapp.com/advisory/ntap-20220420-0001/
source:CONFIRM
tags:Third Party Advisory

N/A
source:N/A
tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Oracle(2 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	120
https://cvetrends.com	54
https://lists.astaro.com/ASGV9-IPS-rules.html#0	33
https://securityaffairs.co/wordpress/130173/security/critic...	11
https://cwiki.apache.org/confluence/display/WW/S2-062	7
https://ift.tt/G5y80Uc	4
https://security.sios.com/vulnerability/struts-security-vul...	3
https://www.bleepingcomputer.com/news/security/critical-apa...	3

Information from Twitter

User	URL	Info Source	Date
WolfgangSesin	http://www.sesin.at	Source WolfgangSesin 1625197067676033026	2023/02/14
WolfgangSesin	https://www.sesin.at/2023/02/13/cve-2021-31805-oracle-hyper...	Source WolfgangSesin 1625197067676033026	2023/02/14
www_sesin_at	http://www.sesin.at	Source www_sesin_at 1625197073002860546	2023/02/14
www_sesin_at	https://www.sesin.at/2023/02/13/cve-2021-31805-oracle-hyper...	Source www_sesin_at 1625197073002860546	2023/02/14

List of frequently cited URLs

URL	Num of Times Referred to
alerts.vulmon.com	120
cvetrends.com	54
lists.astaro.com	33
securityaffairs.co	11
cwiki.apache.org	7
ift.tt	4
security.sios.com	3
www.bleepingcomputer.com	3

Information from Twitter

User	URL	Info Source
WolfgangSesin	sesin.at	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet

GitHub Search Results: Up to 10

Name	URL
YanMu2020/s2-062	https://github.com/YanMu2020/s2-062
Wrin9/CVE-2021-31805	https://github.com/Wrin9/CVE-2021-31805
aeyesec/CVE-2021-31805	https://github.com/aeyesec/CVE-2021-31805
jax7sec/S2-062	https://github.com/jax7sec/S2-062
Axx8/Struts2_S2-062_CVE-2021-31805	https://github.com/Axx8/Struts2_S2-062_CVE-2021-31805
3SsFuck/CVE-2021-31805-POC	https://github.com/3SsFuck/CVE-2021-31805-POC

GitHub Search Results: Up to 10

Name	URL
YanMu2020/s2-062	github.com
Wrin9/CVE-2021-31805	github.com
aeyesec/CVE-2021-31805	github.com
jax7sec/S2-062	github.com
Axx8/Struts2_S2-062_CVE-2021-31805	github.com
3SsFuck/CVE-2021-31805-POC	github.com

2023/02/14 Score : 0
Added Har-sia Database : 2022/04/13
Last Modified : 2023/02/14
Highest Scored Date : 2022/04/13
Highest Score : 43