PT-2011-3579 · Opensymphony+1 · Opensymphony Webwork+1

Marian Ventuneac

Published

2011-05-13

Updated

2022-05-14

CVE-2011-2088

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.2.1 OpenSymphony WebWork version 2.2.1

Description The issue allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method.

Recommendations For Apache Struts version 2.2.1, update to a version that fixes this issue. For OpenSymphony WebWork version 2.2.1, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the s:submit element to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-2088

GHSA-9CCM-G362-2R35

Affected Products

Apache Struts

Opensymphony Webwork

PT-2011-3579 · Opensymphony+1 · Opensymphony Webwork+1

CVE-2011-2088

Weakness Enumeration

Related Identifiers

Affected Products

References · 12