• S5_370234
  • 14.8KB
  • zip
  • 0
  • VIP专享
  • 0
  • 2022-06-15 18:55
Apache Struts项目提供了Apache Struts 2 Web框架,该框架是用于创建基于Web的Java应用程序的全面的模块化工具堆栈。 来自WebWork 2框架的Struts 2,对于重视解决难题的优雅解决方案的团队来说,是一个绝佳的选择。https://mirrors.tuna.tsinghua.edu.cn/apache/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/
# Apache Struts 2 Extras - Secure Jakarta Stream Multipart parser plugin [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.apache.struts/struts2-secure-jakarta-stream-multipart-parser-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.apache.struts/struts2-secure-jakarta-stream-multipart-parser-plugin/) [![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) This plugin provides a safe implementation of the Jakarta Stream Multipart parser from the Struts Core. It can be used to mitigate vulnerability described in the [S2-045](http://struts.apache.org/docs/s2-045.html) Security Bulletin. You should use this plugin in case you are not able to migrate to the latest Struts version. ## Supported versions This plugins can be used with the Apache Struts versions 2.3.20 till 2.5.5, if you are running the Apache Struts 2.5.8+ you must migrate to the latest version which is [Struts](http://struts.apache.org/announce.html#a20170307). ## How to use it Just drop the jar into `WEB-INF/libs` folder and add the bellow definition into your `struts.xml`: - if you are running the Apache Struts 2.3.8 - 2.3.31 ```xml <bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" class="org.apache.struts.extras.SecureJakartaStreamMultiPartRequest" name="secure-jakarta-stream" scope="default"/> <constant name="struts.multipart.parser" value="secure-jakarta-stream"/> ``` - if you are running the Apache Struts 2.5 - 2.5.5 ```xml <bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" class="org.apache.struts.extras.SecureJakartaStreamMultiPartRequest" name="secure-jakarta-stream" scope="prototype"/> <constant name="struts.multipart.parser" value="secure-jakarta-stream"/> ``` and then restart your application, you can use one of the existing PoCs to test if everything is ok. If you are using Maven to build your project, please add the following dependency into your pom: ```xml <dependency> <groupId>org.apache.struts</groupId> <artifactId rel='nofollow' onclick='return false;'>struts2-secure-jakarta-stream-multipart-parser-plugin</artifactId> <version>1.0</version> </dependency> ``` If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment, you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar). ## Remarks Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway.
    • apache struts pdf
      apache struts pdf, how to use struts and how to build struts projects
    • apache struts2
      apache struts2, what's the spring, and how do we use it
    • Apache-Struts-v4
      Apache-Struts-v4 脚本脚本第5章常规的RCE和ApacheStruts的常规用法。 通过PHP即时安装单独的contiene la capacidad。 CVE添加 CVE ID 描述 CVE-2013-2251 Apache Struts 2.0.0至2.3.15允许远程攻击者通过带有...
    • Apache+Struts2验证
    • Struts-API
      Apache Struts Framework (Version 1.2.9)
    • Practical Apache Struts2 Web 2.0 Projects
      struts 2的api查询文档, Ian Roughley 写的APress - Practical Apache Struts2 Web 2.0 Projects.2007.pdf 是外文的,正好可以锻炼下英文阅读
    • example-apache-struts
      example-apache-struts 跑步 http://localhost:8080/example-apache-struts/index.action
    • Apache Struts Framework (Version 1.2.7).
      Apache Struts Framework (Version 1.2.7).
    • org.apache.struts缺少所需包
      import org.apache.struts.action.ActionForm;import org.apache.struts.action.ActionForward;import org.apache.struts.action.ActionMapping;import org.apache.struts.actions.DispatchAction等缺少
    • apache struts
      apache struts