Read Time:26 Second

Description

The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-77
CWE-74
CWE-77
CWE-77

 

Consequences

Confidentiality: Read Application Data

Integrity: Execute Unauthorized Code or Commands

 

Potential Mitigations

CVE References