GoogleOSV:GHSA-WM8W-QP2F-728QApache Struts Open Redirect
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.8%
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
References
jvn.jp/en/jp/JVN45093481/index.html
jvndb.jvn.jp/jvndb/JVNDB-2016-000112
www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
www-01.ibm.com/support/docview.wss?uid=swg21987854
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
bugzilla.redhat.com/show_bug.cgi?id=1348251
github.com/apache/struts
github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e
nvd.nist.gov/vuln/detail/CVE-2016-4433
struts.apache.org/docs/s2-039.html
web.archive.org/web/20210123144955/www.securityfocus.com/bid/91282
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.8%