5
CVSSv2

CVE-2015-0899

Published: 04/07/2016 Updated: 01/07/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The MultiPageValidator implementation in Apache Struts 1 1.1 up to and including 1.3.10 allows remote malicious users to bypass intended access restrictions via a modified page parameter.

Vulnerability Trend

Vendor Advisories

The MultiPageValidator implementation in Apache Struts 1 11 through 1310 allows remote attackers to bypass intended access restrictions via a modified page parameter ...
The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server ...
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...
Multiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance ...

Github Repositories

Security patch for struts 1.3.8

struts-mini Security patch for struts 138 Struts 1 already stop official supporting for many years In these years, a few critical security vulnerabilities were found in struts 1 This project is a security patch for struts 138, below security vulnerabilities are solved: CVE-2016-1182 ActionServletjava in Apache Struts 1 1x through 1310 does not properly restrict the Va