5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.966 High
EPSS
Percentile
99.6%
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before
2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary
files via a …%252f (encoded dot dot slash) in a URI with a /struts/ path,
related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader
in 2.1.x.
Author | Note |
---|---|
kees | does not seem to apply to 1.2.x series |