Required CVE Record Information
Description
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
References 8 Total
- securityfocus.com: 91284 vdb-entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1348252
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
- https://struts.apache.org/docs/s2-040.html
- jvn.jp: JVN#45093481 third-party-advisory
- jvndb.jvn.jp: JVNDB-2016-000113 third-party-advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- securityfocus.com: 91284 vdb-entryx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=1348252 x_transferred
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854 x_transferred
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 x_transferred
- https://struts.apache.org/docs/s2-040.html x_transferred
- jvn.jp: JVN#45093481 third-party-advisoryx_transferred
- jvndb.jvn.jp: JVNDB-2016-000113 third-party-advisoryx_transferred
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html x_transferred