In the Convention plugin in Apache Struts 2.3.x prior to 2.3.31, and 2.5.x prior to 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts 2.3.20.2 |
||
apache struts 2.3.21 |
||
apache struts 2.3.28 |
||
apache struts 2.3.28.1 |
||
apache struts 2.3.20 |
||
apache struts 2.3.20.1 |
||
apache struts 2.3.25 |
||
apache struts 2.3.26 |
||
apache struts 2.3.27 |
||
apache struts 2.3.24 |
||
apache struts 2.3.22 |
||
apache struts 2.3.23 |
||
apache struts 2.3.29 |
||
apache struts 2.3.30 |
||
apache struts 2.3.24.1 |
||
apache struts 2.3.20.3 |
||
apache struts 2.3.24.2 |
||
apache struts 2.3.24.3 |