PT-2012-1243 · Apache · Apache Struts

Jesse Phill Long

·

Published

2012-01-08

·

Updated

2019-08-12

·

CVE-2011-5057

CVSS v2.0

5.0

Medium

Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.3.1.2 and earlier, and 2.3.19 through 2.3.23
Description: The affected Struts versions do not adequately restrict which request parameters the params interceptor (ParametersInterceptor) maps onto an action. Parameter names are evaluated as OGNL expressions against the action, so when an action exposes the injected session, request, application, servlet request, servlet response or parameter map through a public getter, as actions implementing SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware or ParameterAware commonly do, a remote, unauthenticated attacker can supply a crafted parameter name of the form session.<key> (or request.<key>, application.<key>, and so on) and overwrite run-time data values held in that map. No estimate of the number of affected installations is given, and no real-world exploitation of this issue has been reported.
Recommendations: For both affected ranges (2.3.1.2 and earlier, and 2.3.19 through 2.3.23) the available workaround is to configure the params interceptor so that parameter names reaching into those objects are excluded (the excludeParams setting of ParametersInterceptor), which denies access to the sensitive data. No newer release containing a fix is identified here.
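The workaround described above, shown as a struts.xml fragment for the Struts 2.3 line. This is an added example, not configuration from the advisory or from the Struts project; the package, action and class names are placeholders, and the exclusion pattern is one reasonable choice rather than any particular release's default. The weak action is the default stack as-is; the hardened action overrides excludeParams on the params interceptor inside that stack.

```xml
<!-- Added example, not from the advisory or the Struts project.
     Placeholder names: package "example", class com.example.ProfileAction.
     Assumes the action exposes the injected maps through public getters,
     e.g. getSession() on a SessionAware action. -->
<struts>
  <package name="example" extends="struts-default">

    <!-- WEAK: the default stack is used unchanged. The params interceptor
         evaluates every parameter name as OGNL against the action, so a
         request such as ?session.role=admin writes "admin" into the
         HttpSession under the key "role" through getSession(). -->
    <action name="profileWeak" class="com.example.ProfileAction">
      <interceptor-ref name="defaultStack"/>
      <result>/profile.jsp</result>
    </action>

    <!-- WORKAROUND: override excludeParams of the params interceptor that
         lives inside defaultStack. The value is a comma-separated list of
         regular expressions matched against the whole parameter name.
         The last entry rejects both dotted access (session.role) and
         bracketed access (session['role']), which OGNL treats as the
         same map lookup, for every map the affected interfaces inject. -->
    <action name="profile" class="com.example.ProfileAction">
      <interceptor-ref name="defaultStack">
        <param name="params.excludeParams">dojo\..*,^struts\..*,^(session|request|application|servletRequest|servletResponse|parameters)(\.|\[).*</param>
      </interceptor-ref>
      <result>/profile.jsp</result>
    </action>

  </package>
</struts>
```

Two points to check when applying this. Setting excludeParams on an interceptor-ref replaces the list for that reference only, so any exclusions the stack already carried (dojo, struts) must be repeated and the override has to be present on every stack an action uses; defining it once on a custom stack and selecting that stack with default-interceptor-ref is less error-prone than repeating it per action. The exclusion is also only a guard in front of the real problem: an action that does not expose the session, request or application map through a public getter gives the interceptor nothing to traverse in the first place.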

Exploit

Weakness Enumeration

Related Identifiers

BDU:2022-06341
CVE-2011-5057

Affected Products

Apache Struts