struts1filter

A request parameter filter solution for Struts 1 CVE-2014-0114 based on the work of Alvaro Munoz and the HP Fortify team

License:
Categories: Net
GroupId: net.rgielen
ArtifactId: struts1filter
Last Version: 1.0.0
Release Date:
Type: jar
Description: struts1filter. A request parameter filter solution for Struts 1 CVE-2014-0114 based on the work of Alvaro Munoz and the HP Fortify team
Source Code Management: https://github.com/rgielen/struts1filter

Download struts1filter

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/net.rgielen/struts1filter/ -->
<dependency>
    <groupId>net.rgielen</groupId>
    <artifactId>struts1filter</artifactId>
    <version>1.0.0</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/net.rgielen/struts1filter/
implementation 'net.rgielen:struts1filter:1.0.0'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/net.rgielen/struts1filter/
implementation ("net.rgielen:struts1filter:1.0.0")

Buildr:

'net.rgielen:struts1filter:jar:1.0.0'

Ivy:

<dependency org="net.rgielen" name="struts1filter" rev="1.0.0">
  <artifact name="struts1filter" type="jar" />
</dependency>

Grape:

@Grapes(
@Grab(group='net.rgielen', module='struts1filter', version='1.0.0')
)

SBT:

libraryDependencies += "net.rgielen" % "struts1filter" % "1.0.0"

Leiningen:

[net.rgielen/struts1filter "1.0.0"]

Dependencies

compile (1)

Group / Artifact Type Version
commons-logging : commons-logging jar 1.0.4

provided (1)

Group / Artifact Type Version
javax.servlet : servlet-api jar 2.3

Project Modules

There are no modules declared in this project.

struts1filter

A request parameter filter solution for Apache Struts 1 CVE-2014-0114 based on the work of Alvaro Munoz and the HP Fortify team.

To use this filter, add the following filter declaration, along with an appropriate mapping, to the web.xml descriptor of the Apache Struts 1 application you want to protect:

<filter>
    <filter-name>ParamWrapperFilter</filter-name>
    <filter-class>net.rgielen.struts1.filter.ParamWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ParamWrapperFilter</filter-name>
    <servlet-name>YOUR ACTION SERVLET</servlet-name>
</filter-mapping>

The filter comes with a default regular expression to match harmful parameter names, which can be overridden by explicit configuration:

<filter>
    <filter-name>ParamWrapperFilter</filter-name>
    <filter-class>net.rgielen.struts1.filter.ParamWrapperFilter</filter-class>
    <init-param>
        <param-name>excludeParams</param-name>
        <param-value>(.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).*</param-value>
    </init-param>
</filter>
...
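
Before deploying an excludeParams value, it helps to check offline which parameter names it would drop and which it would let through. The following is an added example, not code from the struts1filter project; the class name ExcludeParamsCheck, the constructed sample parameter names and the whole-name matching in isDropped are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ExcludeParamsCheck {
    // Pattern copied from the excludeParams value shown on this page.
    static final String PAGE_PATTERN =
        "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*";

    // Assumption: a parameter is dropped when its whole name matches the pattern.
    static boolean isDropped(Pattern pattern, String paramName) {
        return pattern.matcher(paramName).matches();
    }

    public static void main(String[] args) {
        // Pass a candidate override as the first argument to test it instead.
        Pattern pattern = Pattern.compile(args.length > 0 ? args[0] : PAGE_PATTERN);

        // Constructed parameter names -> outcome expected from the page's pattern.
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("class.classLoader.resources", true);
        samples.put("Class.classLoader", true);
        samples.put("user.class.name", true);
        samples.put("bean['class']", true);
        samples.put("bean[\"class\"]", true);
        samples.put("class[0]", true);
        samples.put("subclass.id", true);   // over-match: legitimate name is dropped too
        samples.put("className", false);
        samples.put("class", false);
        samples.put("username", false);
        samples.put("order.items[0].name", false);

        int mismatches = 0;
        for (Map.Entry<String, Boolean> sample : samples.entrySet()) {
            boolean dropped = isDropped(pattern, sample.getKey());
            boolean asExpected = dropped == sample.getValue();
            if (!asExpected) {
                mismatches++;
            }
            System.out.printf("%-30s %-8s %s%n", sample.getKey(),
                dropped ? "DROPPED" : "kept", asExpected ? "" : "<-- differs from page pattern");
        }
        // Non-zero exit makes the check usable in a build or CI step.
        System.exit(mismatches == 0 ? 0 : 1);
    }
}
```

The subclass.id row shows that the `.*` alternative in the pattern's prefix also drops legitimate nested properties whose name merely ends in "class", which is worth checking against your own form beans before rollout.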

The filter is released to Maven Central. Use the following Maven dependency declaration to incorporate it into your project (Ivy, Gradle and SBT accordingly):

<dependency>
    <groupId>net.rgielen</groupId>
    <artifactId>struts1filter</artifactId>
    <version>1.0.0</version>
</dependency>

It can also be downloaded directly. Use the Central Repository Search with the coordinates provided above to find and download the jar.

Versions

Version
1.0.0