CVE-2015-5209

Name of the Vulnerable Software and Affected Versions Apache Struts versions prior to 2.3.24.1

Description The issue is related to the implementation of the ValueStack interface in the Apache Struts platform, specifically with insufficient input validation when handling objects with the top parameter. This can be exploited by a remote attacker to gain read, modify, or delete access to data. The top object, which represents the root of the execution context, can be manipulated to alter user sessions or affect container settings.

Recommendations For Apache Struts versions prior to 2.3.24.1, update to version 2.3.24.1 or later to resolve the issue. As a temporary workaround, consider applying a better regex pattern to exclude request parameters that attempt to use the top object, until a patch is applied.