Lucene search

K
osvGoogleOSV:DSA-2940-1
HistoryAug 21, 2014 - 12:00 a.m.

libstruts1.2-java - security update

2014-08-2100:00:00
Google
osv.dev
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

It was discovered that missing access checks in the Struts ActionForm
object could result in the execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.9-5+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.9-9.

We recommend that you upgrade your libstruts1.2-java packages.

CPENameOperatorVersion
libstruts1.2-javaeq1.2.9-5

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P