摘要
Struts2是一种web开发框架,当前被广泛应用到大型互联网企业、政府及金融机构的网站建设中。由于Struts2的相对底层性,导致整个web系统对其安全性的依赖程度很高。近期,Apache公司公布了Struts2的两个安全漏洞,引起业界的高度重视,本文将介绍Struts2的基本概念及这两个漏洞形成的原理,并详细介绍其利用方式及给出利用示例,同时在给出漏洞防范措施的基础上对此类安全问题的防范进行总结和思考。
Structs2 is a web development framework widely applied to website building in large internet companies,the government and financial institutions.As a website bottom template,the whole web system is heavily dependent on its safety.Recently Apache has revealed two security vulnerabilities of Structs2, drawing much attention.This paper introduces Structs2’s basic concept and the forming principle of its two vulnerabilities,illustrates how to utilize them with examples,and concludes with the way to prevent them.
出处
《电子测试》
2014年第10X期61-63,共3页
Electronic Test