> The Apache Group Struts 2.3.20
Not affected system:
> The Apache Group Struts 220.127.116.11
CVE(CAN) ID: CVE-2 0 1 5-1 8 3 1
Struts is for building Web applications of open source.
Struts 2.3.20 using the wrong default the exclude mode, If enabled the default setting, the error of the excludeParams will cover DefaultExcludedPatternsChecker within the defined content, an attacker using this vulnerability can destroy the application's internal state.
<*source: Jasper Rosenberg
The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: