CVE-2008-6505

Published: 23/03/2009 Updated: 19/08/2009
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.3 allow remote malicious users to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
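The double-encoded form described above can be flagged in web server access logs by percent-decoding each request path repeatedly and checking when a `../` segment appears. The following is an added detection example, not code from Apache Struts or from this advisory; the log lines, the `sample.txt` name, the function names and the three-round decoding limit are constructed assumptions.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 3  # assumption: inspect up to triple percent-encoding
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")   # a whole ".." path segment
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def traversal_depth(uri):
    """Return how many percent-decoding rounds expose a '..' path segment
    (0 = literal, 1 = ..%2f, 2 = the ..%252f form), or None if none do."""
    form = uri.split("?", 1)[0]          # path only, ignore the query string
    for depth in range(MAX_ROUNDS + 1):
        if TRAVERSAL.search(form):
            return depth
        decoded = unquote(form)
        if decoded == form:              # fully decoded, nothing found
            return None
        form = decoded
    return None

def scan(log_lines):
    """Return (uri, depth) for requests under a /struts/ path that resolve
    to a traversal sequence after decoding."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        uri = match.group(1)
        depth = traversal_depth(uri)
        if depth is not None and "/struts/" in unquote(unquote(uri)):
            hits.append((uri, depth))
    return hits

# Constructed sample lines (documentation IP range, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /app/struts/domTT.css HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2009:10:00:05 +0000] "GET /app/struts/..%252f..%252fsample.txt HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2009:10:00:09 +0000] "GET /app/struts/..%2fsample.txt HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jan/2009:10:00:12 +0000] "GET /app/index.action HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for uri, depth in scan(SAMPLE_LOG):
        print(f"decoding rounds={depth} uri={uri}")
```

A depth of 2 on a `/struts/` request matches the pattern in this CVE; the fix itself is upgrading to Struts 2.0.12 or 2.1.3, as stated in the summary.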

Vulnerable Product

apache struts 2.0.11.1

apache struts 2.0.11.2

apache struts 2.0.6

apache struts 2.0.8

apache struts 2.1.2_beta

apache struts 2.0.9

apache struts 2.0.11

Exploits

source: www.securityfocus.com/bid/32104/info

Struts is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Inf ...