CVE-2007-4385: OWASP Stinger Servlet Input Validation Filter Bypass

Key Vulnerability Information Vulnerability Overview Title: Bypassing servlet input validation filters (OWASP Stinger + Struts example) Release Date: 2007.08.22 Risk Level: Medium CVE ID: CVE-2007-4385 CVSS Score: - Base Score: 6.8/10 - Impact Subscore: 6.4/10 - Confidentiality Impact: Partial - Integrity Impact: Partial - Availability Impact: Partial - Exploitability Subscore: 8.6/10 - Authentication: No required Vulnerability Details Cause: - The OWASP Stinger vulnerability stems from the assumption that all incoming request content is form-urlencoded. In simple J2EE web applications, Stinger and the application use the same method to access HTTP parameters. However, in frameworks that abstract the HTTP protocol and provide automatic request processing and parsing, this assumption can lead to filter bypass. - HTTP requests encoded in multipart format are not subject to parameter checks, potentially allowing unvalidated data to be passed to the application, leading to security vulnerabilities such as XSS or SQL injection. Testing Method Existing servlet filter implementations can be tested using a WebScarab beanshell script. Recommendations Servlet filters should handle multipart requests and perform input validation. Applications should not rely solely on filters for input validation. If the application does not require multipart requests, automatic processing should be disabled. Vulnerability Timeline 2007-07-18: Vulnerability details sent to maintainers 2007-07-23: Vulnerability details resent 2007-07-26: Initial vendor response 2007-08-05: Quick fix (Stinger 2.5) implemented Reference Links 1. Java Servlet Filters 2. Form-based File Upload in HTML 3. ServletRequest 4. OWASP Stinger Project 5. Struts Validator 6. Validation

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-4385: OWASP Stinger Servlet Input Validation Filter Bypass