Executive Summary
Summary | |
---|---|
Title | Apache Struts2 ClassLoader allows access to class properties via request parameters |
Information | |||
---|---|---|---|
Name | VU#719225 | First vendor Publication | 2014-04-25 |
Vendor | VU-CERT | Last vendor Modification | 2014-04-28 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#719225
Apache Struts2 ClassLoader allows access to class properties via request parameters
Overview
Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters.
Description
Impact
Solution
Vendor Information
CVSS Metrics
References
Credit
This vulnerability was publicly reported by Apache Struts2. This document was written by Michael Orlando and David Svoboda.
Other Information
Original Source
Url : http://www.kb.cert.org/vuls/id/719225 |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-06-25 | IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity : Category I - VMSKEY : V0060983 |
2014-07-03 | IAVM : 2014-B-0090 - Multiple Vulnerabilities in VMware vCenter Operations Severity : Category I - VMSKEY : V0052895 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt RuleID : 30792 - Revision : 6 - Type : SERVER-APACHE |
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt RuleID : 30790 - Revision : 6 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-26 | Name : The remote IBM Storwize device is affected by multiple vulnerabilities. File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO |
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_2_3_17.nasl - Type : ACT_GATHER_INFO |
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_3_0_11.nasl - Type : ACT_GATHER_INFO |
2015-01-30 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_2_3_16_1_win_local.nasl - Type : ACT_GATHER_INFO |
2014-07-07 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vcenter_operations_manager_vmsa_2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-04-29 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_2_3_16_2_dos.nasl - Type : ACT_DENIAL |
2014-03-26 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_2_3_16_1_classloader_manipulation.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2015-06-27 13:28:58 | |
2015-05-09 13:27:33 | |
2015-01-31 13:23:14 | |
2014-05-01 13:24:45 | |
2014-04-30 13:21:31 | |
2014-04-28 21:20:10 | |
2014-04-25 21:24:19 | |