Apache Struts 2.5.14.1 ÒÑ·¢²¼¡£Struts ÊÇ ApacheÈí¼þ»ù½ð»á£¨ASF£©ÔÞÖúµÄÒ»¸ö¿ªÔ´ÏîÄ¿£¬×î³õÊÇ Jakarta ÏîÄ¿ÖеÄÒ»¸ö×ÓÏîÄ¿£¬ÔÚ 2004Äê3Ô³ÉΪ ASF µÄ¶¥¼¶ÏîÄ¿¡£Ëüͨ¹ý²ÉÓà Java Servlet/JSP ¼¼Êõ£¬ÊµÏÖÁË»ùÓÚ Java EE Web Ó¦ÓÃµÄ MVC Éè¼ÆģʽµÄÓ¦Óÿò¼Ü£¬ÊÇ MVC ¾µäÉè¼ÆģʽÖеÄÒ»¸ö¾µä²úÆ·¡£
´Ë°æ±¾°üº¬ÒÔÏÂÕë¶ÔDZÔÚ°²È«Â©¶´µÄÐÞ¸´£º
A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin
Vulnerability in the Jackson JSON library
¸ü¶àÐÞ¸´ºÍ¸Ä½ø£¬Çë²éÔÄ£º
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1
ÏÂÔصØÖ·£º
http://struts.apache.org/download.cgi#struts-ga
À´×Ô:¿ªÔ´ÖйúÉçÇø
