CVE-2011-5057

Published: 08/01/2012 Updated: 12/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
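A detection-side check for the crafted parameters described above, as an added example that is not part of the CVE record or the Struts project. It assumes the exposed property names follow the setter names of the listed interfaces (`setSession` -> `session`, and so on); the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: root property names derived from the setters of the interfaces
# named in the summary (SessionAware.setSession -> "session", ...).
AWARE_ROOTS = ("session", "request", "application",
               "servletRequest", "servletResponse", "parameters")

# Flag a name only when the root is dereferenced ("session.x", "session['x']"),
# so ordinary fields such as "sessionTimeout" or "requestId" are not matched.
_ROOT_RE = re.compile(r"^(%s)\s*(\.|\[)" % "|".join(AWARE_ROOTS))

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2012:10:00:01 +0000] "GET /app/profile.action?name=alice&page=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2012:10:00:05 +0000] "GET /app/profile.action?session.flag=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2012:10:00:09 +0000] "GET /app/profile.action?session%5B%27flag%27%5D=1&x=1 HTTP/1.1" 200 498',
    '198.51.100.4 - - [10/Jan/2012:10:01:00 +0000] "GET /app/search.action?sessionTimeout=30&requestId=7 HTTP/1.1" 200 301',
]

def suspicious_params(url):
    """Return parameter names in `url` that address one of the *Aware collections."""
    # parse_qsl percent-decodes names, so encoded dots and brackets are caught too.
    names = [n for n, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    return [n for n in names if _ROOT_RE.match(n)]

def scan(log_lines):
    """Return (client, path, names) for every log line carrying suspicious names."""
    hits = []
    for line in log_lines:
        m = re.search(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue  # not a request line in the expected format
        names = suspicious_params(m.group(2))
        if names:
            hits.append((m.group(1), urlsplit(m.group(2)).path, names))
    return hits

if __name__ == "__main__":
    for client, path, names in scan(SAMPLE_LOG):
        print(client, path, names)
```

Access logs record only the query string, so parameters sent in a POST body need the same name check applied at a servlet filter or WAF.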

Vulnerable Product

apache struts

Exploits

source: www.securityfocus.com/bid/50940/info

Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access. Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected. w ...