CVE-2007-4556: OpenSymphony XWork vulnerable to improper input validation

CVSS Score
6.8

Basic Information

EPSS Score
0.8423%
Published
5/1/2022
Updated
9/11/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Package Name        Ecosystem  Vulnerable Versions   First Patched Version
opensymphony:xwork  maven      < 1.2.3               1.2.3
opensymphony:xwork  maven      >= 2.0.0, <= 2.0.3    2.0.4

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from recursive OGNL evaluation in XWork's expression handling. The core functions are:

  1. OgnlValueStack.findValue() - Directly evaluates OGNL expressions from user input
  2. TextParseUtil.translateVariables() - Processes %{...} syntax patterns

These would appear in stack traces when processing malicious payloads containing OGNL expressions. The Struts S2-001 documentation explicitly references these expression evaluation patterns, and the XWork 2.0.4 patch notes indicate changes to OGNL handling in these areas.

WAF Protection Rules

WAF Rule

XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an O...
