Lucene search

[email protected]CVE-2014-7809

HistoryDec 10, 2014 - 3:59 p.m.

CVE-2014-7809

2014-12-1015:59:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-7809

apache struts

csrf

nvd

6.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.7%

JSON

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.

Affected configurations

NVD

Node

apachestrutsMatch2.0.0

apachestrutsMatch2.0.1

apachestrutsMatch2.0.2

apachestrutsMatch2.0.3

apachestrutsMatch2.0.4

apachestrutsMatch2.0.5

apachestrutsMatch2.0.6

apachestrutsMatch2.0.7

apachestrutsMatch2.0.8

apachestrutsMatch2.0.9

apachestrutsMatch2.0.10

apachestrutsMatch2.0.11

apachestrutsMatch2.0.11.1

apachestrutsMatch2.0.11.2

apachestrutsMatch2.0.12

apachestrutsMatch2.0.13

apachestrutsMatch2.0.14

apachestrutsMatch2.1.0

apachestrutsMatch2.1.1

apachestrutsMatch2.1.2

apachestrutsMatch2.1.3

apachestrutsMatch2.1.4

apachestrutsMatch2.1.5

apachestrutsMatch2.1.6

apachestrutsMatch2.1.8

apachestrutsMatch2.1.8.1

apachestrutsMatch2.2.1

apachestrutsMatch2.2.1.1

apachestrutsMatch2.2.3

apachestrutsMatch2.2.3.1

apachestrutsMatch2.3.1

apachestrutsMatch2.3.1.1

apachestrutsMatch2.3.1.2

apachestrutsMatch2.3.3

apachestrutsMatch2.3.4

apachestrutsMatch2.3.4.1

apachestrutsMatch2.3.7

apachestrutsMatch2.3.8

apachestrutsMatch2.3.12

apachestrutsMatch2.3.14

apachestrutsMatch2.3.14.1

apachestrutsMatch2.3.14.2

apachestrutsMatch2.3.14.3

apachestrutsMatch2.3.15

apachestrutsMatch2.3.15.1

apachestrutsMatch2.3.15.2

apachestrutsMatch2.3.15.3

apachestrutsMatch2.3.16

apachestrutsMatch2.3.16.1

apachestrutsMatch2.3.16.2

apachestrutsMatch2.3.16.3

CPENameOperatorVersion
apache:strutsapache strutseq2.0.0
apache:strutsapache strutseq2.0.1
apache:strutsapache strutseq2.0.2
apache:strutsapache strutseq2.0.3
apache:strutsapache strutseq2.0.4
apache:strutsapache strutseq2.0.5
apache:strutsapache strutseq2.0.6
apache:strutsapache strutseq2.0.7
apache:strutsapache strutseq2.0.8
apache:strutsapache strutseq2.0.9

CPE	Name	Operator	Version
apache:struts	apache struts	eq	2.0.0
apache:struts	apache struts	eq	2.0.1
apache:struts	apache struts	eq	2.0.2
apache:struts	apache struts	eq	2.0.3
apache:struts	apache struts	eq	2.0.4
apache:struts	apache struts	eq	2.0.5
apache:struts	apache struts	eq	2.0.6
apache:struts	apache struts	eq	2.0.7
apache:struts	apache struts	eq	2.0.8
apache:struts	apache struts	eq	2.0.9