6.8

CVSS Score

Basic Information

CVE ID

CVE-2007-4556

GHSA ID

GHSA-h7mf-qrm9-2848

EPSS Score

0.8423%

CWE

CWE-20

Published

5/1/2022

Updated

9/11/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2007-4556

CVE-2007-4556: OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.

Note: Version 2.0.4 marks the change from opensymphony:xwork to com.opensymphony:xwork.

(GitHub Advisory)

6.8

CVSS Score

Basic Information

CVE ID

CVE-2007-4556

GHSA ID

GHSA-h7mf-qrm9-2848

EPSS Score

0.8423%

CWE

CWE-20

Published

5/1/2022

Updated

9/11/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
opensymphony:xwork	maven	< 1.2.3	1.2.3
opensymphony:xwork	maven	>= 2.0.0, <= 2.0.3	2.0.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from recursive OGNL evaluation in XWork's expression handling. The core functions are:

OgnlValueStack.findValue() - Directly evaluates OGNL expressions from user input
TextParseUtil.translateVariables() - Processes %{...} syntax patterns These would appear in stack traces when processing malicious payloads containing OGNL expressions. The Struts S2-001 documentation explicitly references these expression evaluation patterns, and the XWork 2.0.4 patch notes indicate changes to OGNL handling in these areas.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

XWork is *n *omm*n*-p*tt*rn *r*m*work t**t is us** to pow*r W**Work *s w*ll *s ot**r *ppli**tions. Struts support in Op*nSymp*ony XWork ***or* *.*.*, *n* *.x ***or* *.*.*, *s us** in W**Work *n* *p**** Struts, r**ursiv*ly *v*lu*t*s *ll input *s *n O*

Reasoning

T** vuln*r**ility st*ms *rom r**ursiv* O*NL *v*lu*tion in XWork's *xpr*ssion **n*lin*. T** *or* *un*tions *r*: *. O*nlV*lu*St**k.*in*V*lu*() - *ir**tly *v*lu*t*s O*NL *xpr*ssions *rom us*r input *. T*xtP*rs*Util.tr*nsl*t*V*ri**l*s() - Pro**ss*s %{..

6.8

Basic Information

Concerned about an active attack path?

CVE-2007-4556: OpenSymphony XWork vulnerable to improper input validation

6.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI