Vulmon Recent Vulnerabilities Trends Blog About Contact
6.8
CVSSv2

CVE-2014-7809

Published: 10/12/2014 Updated: 09/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Struts

Vulnerability Summary

Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.

Vendor Advisories

Oracle: Oracle Critical Patch Update Advisory - April 2015
Oracle Critical Patch Update Advisory - April 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Patch ...
Oracle: Oracle Critical Patch Update Advisory - October 2016
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle: Oracle Critical Patch Update Advisory - July 2015
Oracle Critical Patch Update Advisory - July 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Patch U ...

Github Repositories

struts-csrf-cracker

Proof of concept code to predict Struts2 CSRF Token < 2.3.20

Proof of concept code to predict Struts CSRF token [S2-023] For a complete explanation, you can read : Predicting Struts CSRF Token (CVE-2014-7809) Execution preview: == Initial token H6P3Y3GHIC2865ASZVQ913NR93QZO7BR == Initial token in hex (easier evaluation) 14b08fcbf6523eecd7dd7d3e89cf97d6f478db5617 Guessing part == bytes representation (reconstructed byte array) 14b08fc

maven-security-versions-Travis

Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage &gt; mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------

maven-security-versions

Identify vulnerable libraries in Maven dependencies

Maven Security Versions Identify vulnerable libraries in Maven dependencies The plugin is based on versions-maven-plugin It use the victims database has source for CVEs and Maven artifact mapping Usage &gt; mvn comredhatvictimsmaven:security-versions:check [INFO] Scanning for projects [INFO] [INFO] -----------------------------------------------------------------

References

CWE-352http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.htmlhttp://struts.apache.org/docs/s2-023.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.securityfocus.com/archive/1/534175/100/0/threadedhttp://www.securityfocus.com/bid/71548http://www.securitytracker.com/id/1031309https://www.rapid7.com/db/vulnerabilities/struts-cve-2014-7809https://github.com/h3xstream/struts-csrf-crackerhttps://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=38390
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-26116file inclusionCVE-2020-25140CVE-2020-15210CVE-2020-15373CVE-2020-25146CVE-2020-17382cpanelvalidationNULL pointer dereference