...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

If a production system using Struts 2 has been updated to fix a particular historic security issue and was not updated thereafter to fix later documented security issues up to and including S2-057, it is possible that said production system is still vulnerable to the specific vulnerability that was meant to be fixed by taking the measures explained in the affected historic security issue bulletin.

Maximum security rating

Moderate

Recommendation

Upgrade to Struts 2.3.35 or Struts 2.5.17

Affected Software

Struts 2.0.0 - 2.5.12

Reporter

Ben Ronallo from the Black Duck research team within Synopsys

CVE Identifier

-

...

Struts Security Bulletins contain a listing of affected GA release versions for given issues, along with a recommended minimum GA release version to fix this particular issue. Thorough investigations conducted by the reporting entity revealed that in many cases more Struts releases were affected than originally reported and that higher minimum fix versions are required.

...

Security Bulletin | Previously announced Affected Releases | Updated Affected GA Releases | Minimum Fix GA Versions | CVE Identifiers
------------------+----------------------------------------+----------------------------------+-------------------------+------------------------------
S2-002 | 2.0.0 - 2.0.11 | 2.0.0 - 2.1.8.1 | 2.2.1 | -
S2-003 | 2.0.0 - 2.0.11.2 | 2.0.0 - 2.1.8.1 | 2.2.1 | CVE-2008-6504
S2-004 | 2.0.0 - 2.0.11.2 | 2.0.0 - 2.0.11.2; 2.1.0 - 2.1.2 | 2.0.12; 2.1.6 | CVE-2008-6505
S2-008 | 2.1.0 - 2.3.1 | 2.0.0 - 2.2.3; 2.0.0 - 2.3.17 | 2.2.3.1; 2.3.18 | CVE-2012-0391; CVE-2012-0394
S2-012 | Struts Showcase App 2.0.0 - 2.3.13 | 2.0.0 - 2.3.14.2 | 2.3.14.3 | CVE-2013-1965
S2-013 | 2.0.0 - 2.3.13 | 2.0.0 - 2.3.14.1 | 2.3.14.2 | CVE-2013-1966
S2-020 | 2.0.0 - 2.3.16 | 2.0.0 - 2.3.16.1 | 2.3.16.2 | CVE-2014-0094
S2-021 | 2.0.0 - 2.3.16.1 | 2.0.0 - 2.3.16.3 | 2.3.20 | CVE-2014-0112; CVE-2014-0113
S2-022 | 2.0.0 - 2.3.16.1 | 2.0.0 - 2.3.16.3 | 2.3.20 | CVE-2014-0116
S2-041 | 2.3.20 - 2.3.28.1; 2.5 | 2.3.20 - 2.3.28.1; 2.5 - 2.5.12 | 2.3.29; 2.5.13 | CVE-2016-4465
S2-042 | 2.3.20 - 2.3.30 | 2.3.1 - 2.3.30; 2.5 - 2.5.2 | 2.3.31; 2.5.5 | CVE-2016-6795
S2-044 | 2.5 - 2.5.5 | 2.5 - 2.5.12 | 2.5.13 | CVE-2016-8738
S2-048 | Struts Showcase App 2.3.x | 2.1.x - 2.3.x | - | CVE-2017-9791
S2-051 | 2.3.7 - 2.3.33; 2.5 - 2.5.12 | 2.1.6 - 2.3.33; 2.5 - 2.5.12 | 2.3.34; 2.5.13 | CVE-2017-9793
S2-053 | 2.0.1 - 2.3.33; 2.5 - 2.5.10 | 2.0.0 - 2.3.33; 2.5 - 2.5.10.1 | 2.3.34; 2.5.12 | CVE-2017-12611
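As an added example (not part of the bulletin or the Struts project): a small Python checker that takes a deployed Struts version and reports, for a constructed subset of the rows above, which bulletins cover it and whether only the updated ranges catch it. The BULLETINS table, the function names and the sample versions are assumptions of this example.

```python
from itertools import zip_longest

# Constructed subset of the S2-058 table above: bulletin -> (previously announced
# ranges, updated affected ranges). Ranges are inclusive "low - high" or a single
# version; rows written with ".x" wildcards (S2-048) are left out of this subset.
BULLETINS = {
    "S2-003": (["2.0.0 - 2.0.11.2"], ["2.0.0 - 2.1.8.1"]),
    "S2-013": (["2.0.0 - 2.3.13"], ["2.0.0 - 2.3.14.1"]),
    "S2-041": (["2.3.20 - 2.3.28.1", "2.5"], ["2.3.20 - 2.3.28.1", "2.5 - 2.5.12"]),
    "S2-042": (["2.3.20 - 2.3.30"], ["2.3.1 - 2.3.30", "2.5 - 2.5.2"]),
    "S2-051": (["2.3.7 - 2.3.33", "2.5 - 2.5.12"], ["2.1.6 - 2.3.33", "2.5 - 2.5.12"]),
    "S2-053": (["2.0.1 - 2.3.33", "2.5 - 2.5.10"], ["2.0.0 - 2.3.33", "2.5 - 2.5.10.1"]),
}


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); components are compared numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def compare(a, b):
    """-1, 0 or 1; a missing component counts as 0, so '2.5' == '2.5.0' < '2.5.1'."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def in_range(version, spec):
    """spec is 'low - high' (inclusive bounds) or a single version such as '2.5'."""
    bounds = [part.strip() for part in spec.split("-")]
    low, high = bounds[0], bounds[-1]
    return compare(low, version) <= 0 and compare(version, high) <= 0


def applicable_bulletins(version):
    """Map each bulletin whose updated ranges cover `version` to 'previously announced'
    (the old ranges already covered it) or 'newly documented' (only S2-058's updated
    ranges do, i.e. a system patched by the old guidance alone may still be exposed)."""
    result = {}
    for bulletin, (previous, updated) in BULLETINS.items():
        if any(in_range(version, spec) for spec in updated):
            covered_before = any(in_range(version, spec) for spec in previous)
            result[bulletin] = "previously announced" if covered_before else "newly documented"
    return result


if __name__ == "__main__":
    for v in ("2.0.0", "2.1.5", "2.5.11"):
        print(v, applicable_bulletins(v))
```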

...