CVSSv2 score: 5

CVE-2008-6505

Published: 23/03/2009 Updated: 21/11/2024

Vulnerability Summary

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.3 allow remote malicious users to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
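
A log check for the double-encoded traversal described above, added here as an example (not Vulmon's or the Struts project's code): it percent-decodes each logged request path until it stops changing and flags /struts/ requests whose decoded path contains a `..` segment. The log lines, the /app context path, the file names and the decode bound are constructed assumptions.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: upper bound on nested percent-encoding layers to unwrap
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

# Constructed sample access-log lines (not from the page); file names are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2009:10:00:00 +0000] "GET /app/struts/example.css HTTP/1.1" 200 1024
198.51.100.9 - - [01/Jan/2009:10:00:05 +0000] "GET /app/struts/..%252f..%252fplaceholder.txt HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2009:10:00:06 +0000] "GET /app/struts/%2e%2e/placeholder.txt HTTP/1.1" 404 0
198.51.100.8 - - [01/Jan/2009:10:00:09 +0000] "GET /app/index.action?x=..%252f HTTP/1.1" 200 88
"""

def decode_until_stable(path):
    """Percent-decode repeatedly; return (decoded_path, rounds_that_changed_it)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def has_dotdot_segment(path):
    """True if any path segment is exactly '..' (either slash style)."""
    return ".." in path.replace("\\", "/").split("/")

def scan(log_text):
    """Return [(line_number, decode_rounds)] for /struts/ requests hiding '..'."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1).split("?", 1)[0]  # path only, query string ignored
        decoded, rounds = decode_until_stable(path)
        if "/struts/" in decoded and has_dotdot_segment(decoded):
            hits.append((number, rounds))
    return hits

if __name__ == "__main__":
    for number, rounds in scan(SAMPLE_LOG):
        print(f"line {number}: traversal after {rounds} decode round(s)")
```

A hit with two or more decode rounds is the `..%252f` form from the summary; a filter that decodes only once sees `..%2f` and finds no slash-delimited `..` segment.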

Vulnerable Product

apache struts 2.0.6

apache struts 2.0.8

apache struts 2.0.9

apache struts 2.0.11

apache struts 2.0.11.1

apache struts 2.0.11.2

apache struts 2.1.2 beta

Exploits

source: www.securityfocus.com/bid/32104/info Struts is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Inf ...