7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Struts 2 Core is vulnerable to class loader manipulation vulnerability. The vulnerability exists because the getClass method does not properly restrict access to cookies as it accepts all cookie names when “\*” is used to configure cookiesName parameter which allows remote attackers to manipulate the class loader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CPE | Name | Operator | Version |
---|---|---|---|
struts 2 core | le | 2.3.16.1 | |
struts 2 core | le | 2.0.4 | |
xwork: core | le | 2.3.16.1 | |
struts 2 core | le | 2.3.16.1 | |
struts 2 core | le | 2.0.4 | |
xwork: core | le | 2.3.16.1 |
secunia.com/advisories/59178
www-01.ibm.com/support/docview.wss?uid=swg21676706
www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
www.securityfocus.com/archive/1/531952/100/0/threaded
www.securityfocus.com/archive/1/archive/1/531952/100/0/threaded
cwiki.apache.org/confluence/display/WW/S2-021
github.com/apache/struts/commit/1be8ed61e499b58b3fb6a45253f47865f83f35fb
srcclr.com/security/arbitrary-code-execution/java/s-759
srcclr.com/security/remote-classloader-manipulation/java/s-770
srcclr.com/security/session-state-modification-when-wildcard/java/s-757