7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
xwork-core is vulnerable to denial of service (DoS) attacks. The library does not check if a authenticated user is allowed to access to edit the actions of a service, allowing a malicious user to block other users from accessing the service.
CPE | Name | Operator | Version |
---|---|---|---|
xwork: core | le | 2.3.32 | |
struts 2 core | le | 2.5.10.1 | |
struts 2 core | le | 2.3.32 |
struts.apache.org/docs/s2-049.html
www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
www.securityfocus.com/bid/99562
www.securitytracker.com/id/1039115
cwiki.apache.org/confluence/display/WW/S2-049
github.com/apache/struts/pull/142
issues.apache.org/jira/browse/WW-4805
lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E
security.netapp.com/advisory/ntap-20180706-0002/
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P