7.5
CVSSv2

CVE-2015-1831

Published: 16/07/2015 Updated: 22/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.

Affected Products

Vendor Product Versions
ApacheStruts2.3.20

Vendor Advisories

The default exclude patterns (excludeParams) in Apache Struts 2320 allow remote attackers to "compromise internal state of an application" via unspecified vectors ...