{"id":25118,"date":"2023-12-12T13:48:40","date_gmt":"2023-12-12T18:48:40","guid":{"rendered":"https:\/\/pre-prod.okiok.com\/?p=25118"},"modified":"2024-07-15T10:17:52","modified_gmt":"2024-07-15T15:17:52","slug":"bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal","status":"publish","type":"post","link":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/","title":{"rendered":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal"},"content":{"rendered":"

\"\"
\nS-Filer Portal™<\/a> est une solution compl\u00e8te qui permet aux grandes et petites organisations de combler l\u2019ensemble de leurs besoins d\u2019entreprise en mati\u00e8re de transfert et de stockage s\u00e9curis\u00e9 de fichiers.<\/i><\/p>\n

Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal<\/h4>\n

Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre 2023. Cette vuln\u00e9rabilit\u00e9 permet de manipuler le nom d\u2019un fichier t\u00e9l\u00e9vers\u00e9 pour \u00e9chapper au r\u00e9pertoire des t\u00e9l\u00e9chargements (\u00ab\u202fPath traversal\u202f\u00bb). Une application qui utilise le nom du fichier t\u00e9l\u00e9vers\u00e9 pour le sauvegarder permet d\u2019\u00e9crire \u00e0 un endroit arbitraire sur le disque suite \u00e0 un t\u00e9l\u00e9versement (\u00ab\u202fUpload\u202f\u00bb). Ceci pourrait permettre \u00e0 un attaquant d\u2019ex\u00e9cuter du code sur une machine vuln\u00e9rable. <\/p>\n

Suite \u00e0 l\u2019investigation, S-Filer\/Portal n\u2019utilise pas la fonctionnalit\u00e9 de \u00ab\u202fFile Upload\u202f\u00bb de Struts 2 et n\u2019est pas vuln\u00e9rable. Le t\u00e9l\u00e9versement (\u00ab\u202fUpload\u202f\u00bb) de fichiers dans S-Filer utilise un m\u00e9canisme compl\u00e8tement diff\u00e9rent qui n\u2019est pas impact\u00e9 par une vuln\u00e9rabilit\u00e9 similaire. <\/p>\n

L\u2019\u00e9quipe de support OKIOK<\/p>\n

R\u00e9f\u00e9rence : <\/p>\n

CVE: CVE-2023-50164 (https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-50164<\/a>) <\/p>\n

 <\/p>\n

N\u2019h\u00e9sitez pas \u00e0 communiquer avec notre groupe de soutien si vous avez des questions concernant ce bulletin de s\u00e9curit\u00e9 : support@okiok.com<\/p>\n","protected":false},"excerpt":{"rendered":"

S-Filer Portal™ est une solution compl\u00e8te qui permet aux grandes et petites organisations de combler l\u2019ensemble de leurs besoins d\u2019entreprise en mati\u00e8re de transfert et de stockage s\u00e9curis\u00e9 de fichiers. Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre 2023. Cette vuln\u00e9rabilit\u00e9 […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[100,173,174,177],"tags":[],"class_list":["post-25118","post","type-post","status-publish","format-standard","hentry","category-blog","category-blogue-fr","category-nouvelles-fr","category-s-filerportal-fr"],"yoast_head":"\nBulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 - S-Filer Portal - OKIOK - Securit\u00e9 dans un monde en changement<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 - S-Filer Portal - OKIOK - Securit\u00e9 dans un monde en changement\" \/>\n<meta property=\"og:description\" content=\"S-Filer Portal™ est une solution compl\u00e8te qui permet aux grandes et petites organisations de combler l\u2019ensemble de leurs besoins d\u2019entreprise en mati\u00e8re de transfert et de stockage s\u00e9curis\u00e9 de fichiers. Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre 2023. Cette vuln\u00e9rabilit\u00e9 […]\" \/>\n<meta property=\"og:site_name\" content=\"OKIOK - Securit\u00e9 dans un monde en changement\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/okiokdata\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-12T18:48:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-15T15:17:52+00:00\" \/>\n<meta name=\"author\" content=\"Okiok\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@OKIOKdata\" \/>\n<meta name=\"twitter:site\" content=\"@OKIOKdata\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Okiok\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 - S-Filer Portal - OKIOK - Securit\u00e9 dans un monde en changement","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"fr_FR","og_type":"article","og_title":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 - S-Filer Portal - OKIOK - Securit\u00e9 dans un monde en changement","og_description":"S-Filer Portal™ est une solution compl\u00e8te qui permet aux grandes et petites organisations de combler l\u2019ensemble de leurs besoins d\u2019entreprise en mati\u00e8re de transfert et de stockage s\u00e9curis\u00e9 de fichiers. Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre 2023. Cette vuln\u00e9rabilit\u00e9 […]","og_site_name":"OKIOK - Securit\u00e9 dans un monde en changement","article_publisher":"https:\/\/www.facebook.com\/okiokdata\/","article_published_time":"2023-12-12T18:48:40+00:00","article_modified_time":"2024-07-15T15:17:52+00:00","author":"Okiok","twitter_card":"summary_large_image","twitter_creator":"@OKIOKdata","twitter_site":"@OKIOKdata","twitter_misc":{"\u00c9crit par":"Okiok","Dur\u00e9e de lecture estim\u00e9e":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/#article","isPartOf":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/"},"author":{"name":"Okiok","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/5d92c7d8760791d758c6a6fe9379a5c5"},"headline":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal","datePublished":"2023-12-12T18:48:40+00:00","dateModified":"2024-07-15T15:17:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/"},"wordCount":232,"commentCount":0,"publisher":{"@id":"https:\/\/www.okiok.com\/fr\/#organization"},"articleSection":["Blog","Blogue","Nouvelles","S-Filer\/Portal"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/","url":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/","name":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 - S-Filer Portal - OKIOK - Securit\u00e9 dans un monde en changement","isPartOf":{"@id":"https:\/\/www.okiok.com\/fr\/#website"},"datePublished":"2023-12-12T18:48:40+00:00","dateModified":"2024-07-15T15:17:52+00:00","breadcrumb":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-s-filer-portal\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/prod.okiok.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 – S-Filer Portal"}]},{"@type":"WebSite","@id":"https:\/\/www.okiok.com\/fr\/#website","url":"https:\/\/www.okiok.com\/fr\/","name":"OKIOK - Securit\u00e9 dans un monde en changement","description":"","publisher":{"@id":"https:\/\/www.okiok.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.okiok.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.okiok.com\/fr\/#organization","name":"Okiok","url":"https:\/\/www.okiok.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.okiok.com\/wp-content\/uploads\/2017\/06\/logo-okiok-2.png","contentUrl":"https:\/\/www.okiok.com\/wp-content\/uploads\/2017\/06\/logo-okiok-2.png","width":300,"height":369,"caption":"Okiok"},"image":{"@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/okiokdata\/","https:\/\/x.com\/OKIOKdata","https:\/\/www.linkedin.com\/company-beta\/119436\/"]},{"@type":"Person","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/5d92c7d8760791d758c6a6fe9379a5c5","name":"Okiok","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/www.okiok.com\/wp-content\/litespeed\/avatar\/c2ff4924e830f919116b336e837f514b.jpg?ver=1775782282","contentUrl":"https:\/\/www.okiok.com\/wp-content\/litespeed\/avatar\/c2ff4924e830f919116b336e837f514b.jpg?ver=1775782282","caption":"Okiok"}}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/comments?post=25118"}],"version-history":[{"count":2,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25118\/revisions"}],"predecessor-version":[{"id":25120,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25118\/revisions\/25120"}],"wp:attachment":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/media?parent=25118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/categories?post=25118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/tags?post=25118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}