CVE-2011-2088

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.2.1 OpenSymphony WebWork version 2.2.1

Description The issue allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method.

Recommendations For Apache Struts version 2.2.1, update to a version that fixes this issue. For OpenSymphony WebWork version 2.2.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the s:submit element to minimize the risk of exploitation.