Reliable OS Shell with - EL [ Expression Language ] - Injection
Tags
attack-pattern: Javascript - T1059.007 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID ca82043f-e14d-43e6-8631-108dfbd63f9f
Fingerprint b098cf157da5d79f
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 23, 2015, 7:42 a.m.
Added to db Jan. 18, 2023, 7:36 p.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline Reliable OS Shell with - EL [ Expression Language ] - Injection
Title Reliable OS Shell with - EL [ Expression Language ] - Injection
Detected Hints/Tags/Attributes 36/1/11
Source URLs
Redirection Url
Details Source http://blog.mindedsecurity.com/2015/11/reliable-os-shell-with-el-expression.html
URL Provider
Details Provider Source level domain
Details mindedsecurity.com blog.mindedsecurity.com
Attributes
Details Type #Events CTI Value
Details CVE 3 
cve-2011-2730
Details Domain 1 
newclass.java
Details Domain 138 
java.io
Details Domain 1 
danamodio.com
Details Domain 28 
docs.oracle.com
Details File 1 
newclass.java
Details File 40 
web.xml
Details File 1 
scriptenginemanager.html
Details Url 1 
http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection
Details Url 1 
https://docs.oracle.com/javase/7/docs/api/javax/script/scriptenginemanager.html
Details Url 1 
https://docs.oracle.com/javase/8/docs/api/javax/script/scriptenginemanager.html