PT-2014-1948 · Apache · Apache Struts

Published: 2014-12-10 · Updated: 2022-05-14 · CVE-2014-7809

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.3.x before 2.3.20
Description: The vulnerability stems from predictable values generated for the <s:token/> tag, which allows remote attackers to bypass the CSRF protection mechanism and carry out a CSRF attack.
Recommendations: For Apache Struts versions 2.0.0 through 2.3.x before 2.3.20, update to version 2.3.20 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.
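As an illustration of the "additional CSRF protection measures" mentioned above, the following is an added example, not Struts code and not part of the original advisory: a token helper that draws tokens from SecureRandom rather than a predictable generator, compares them in constant time and invalidates each token after one use. The session-id map is a constructed stand-in for the HTTP session.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical per-session CSRF token helper (example only, not Struts code). */
public final class CsrfTokenHelper {
    private static final SecureRandom RNG = new SecureRandom();  // CSPRNG, not java.util.Random
    private static final int TOKEN_BYTES = 32;                   // 256 bits of entropy per token

    // Constructed stand-in for the HTTP session: one outstanding token per session id.
    private final Map<String, String> sessionTokens = new HashMap<>();

    /** Issues a fresh, unpredictable token for the given session and remembers it. */
    public String issueToken(String sessionId) {
        byte[] raw = new byte[TOKEN_BYTES];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessionTokens.put(sessionId, token);
        return token;
    }

    /** Validates a submitted token: it must belong to this session and match in constant time. */
    public boolean validateAndConsume(String sessionId, String submitted) {
        String expected = sessionTokens.get(sessionId);
        if (expected == null || submitted == null) {
            return false;
        }
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = submitted.getBytes(StandardCharsets.UTF_8);
        boolean ok = MessageDigest.isEqual(a, b);  // constant-time comparison, no early exit
        if (ok) {
            sessionTokens.remove(sessionId);        // single-use: a replay of the same token fails
        }
        return ok;
    }

    public static void main(String[] args) {
        CsrfTokenHelper helper = new CsrfTokenHelper();
        String token = helper.issueToken("session-A");
        System.out.println("first use accepted: " + helper.validateAndConsume("session-A", token));
        System.out.println("replay accepted:    " + helper.validateAndConsume("session-A", token));
        System.out.println("other session:      " + helper.validateAndConsume("session-B", token));
    }
}
```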

Fix

CSRF


Weakness Enumeration

Related identifiers

BDU:2015-09977
CVE-2014-7809
GHSA-H4V9-JF2R-9H6M

Affected products

Apache Struts