EL3 Injection
Variants: Direct Persistent Session
Also Known As: Lambda Injection
Vector Type: Attack
Relevance: Technology Specific
Layer: Application-Level
Platforms: Java, EL3
Target Type: Application
Affected Mechanisms: Input Validation, Syntax Escaping
Invented In: 17/12/2014
Added In: 21/12/2014
Vector Operation Method:
Applications that integrate tainted, user-controlled input into eval clauses of the EL 3.0 ELProcessor class can be abused by attackers for remote code execution (RCE), denial of service and system information disclosure.
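The pattern described above, next to two corrected forms, as an added example that is not part of the original entry. It assumes the javax.el API (EL 3.0) with an implementation on the classpath; the class name, method names and sample input are hypothetical.

```java
import javax.el.ELProcessor;
import java.util.regex.Pattern;

public class ElEvalExample {

    // Vulnerable pattern: tainted input becomes part of the expression text,
    // so the EL parser treats whatever it contains as code.
    static Object vulnerable(String userInput) {
        ELProcessor elp = new ELProcessor();
        return elp.eval("'Result: ' += " + userInput);
    }

    // Hardened: the expression text is a compile-time constant. The input is
    // bound as a bean and is only ever read as a value, never parsed as EL.
    static Object hardened(String userInput) {
        ELProcessor elp = new ELProcessor();
        elp.defineBean("input", userInput);
        return elp.eval("'Result: ' += input");
    }

    // Input validation for the case where the value must appear in the
    // expression itself: accept only a short run of digits, reject the rest.
    private static final Pattern DIGITS = Pattern.compile("\\d{1,9}");

    static Object validated(String userInput) {
        if (userInput == null || !DIGITS.matcher(userInput).matches()) {
            throw new IllegalArgumentException("rejected: not a plain number");
        }
        return new ELProcessor().eval("100 - " + userInput);
    }

    public static void main(String[] args) {
        String constructed = "6 * 7"; // constructed sample input, harmless arithmetic
        System.out.println(vulnerable(constructed)); // input is evaluated as EL
        System.out.println(hardened(constructed));   // input is kept as literal text
        try {
            validated(constructed);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

A code review or static-analysis rule for this vector can flag any ELProcessor eval, getValue or setValue call whose expression argument is not a constant string.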