Executive Summary
| Information | | | |
|---|---|---|---|
| Name | CVE-2011-5057 | First vendor Publication | 2012-01-08 |
| Vendor | Cve | Last vendor Modification | 2012-01-09 |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | | | |
|---|---|---|---|
| CVSS Base Score | 5 | Attack Range | Network |
| CVSS Impact Score | 2.9 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
Original Source
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5057
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77599 | Struts2 SessionAware / RequestAware Request Parsing Session Map Manipulation |
Alert History
| Date | Information |
|---|---|
| 2013-05-10 23:12:20 | |

CVE-2011-5057
(Critical)





