7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.
On a server where Apache Struts in running, a remote attacker may steal information or execute arbitrary code.
Update the Software
On 2014 April 25, Apache Struts 2.3.16.2 which contains a fix for this vulnerability has been released.
Upgrade the software according to the information provided by the developer.
Apply a Workaround
If Apache Struts 2.3.16.2 cannot be applied immediately, apply the following workaround which enables to mitigate the affects of this vulnerability.