PT-2015-5461 · Apache · Apache Struts

Jasper Rosenberg · Published 2015-07-16 · Updated 2022-05-17 · CVE-2015-1831

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Struts version 2.3.20

Description

The default exclude patterns in Apache Struts allow remote attackers to compromise the internal state of an application via unspecified vectors.

Recommendations

For Apache Struts version 2.3.20, consider updating to version 2.3.20.1, which includes a better set of exclude patterns to mitigate the issue.


Related Identifiers

CVE-2015-1831
GHSA-Q2CG-XF9P-H457

Affected Products

Apache Struts