...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | If a production system using Struts 2 was has been updated to fix a particular historic security issue and was not updated thereafter to fix later documented security issues up to and including S2-057, it is possible that said production system is still vulnerable to the specific vulnerability that was meant to be fixed by a taking measures as explained in the affected historic security issue bulletin. |
Maximum security rating | Moderate |
Recommendation | |
Affected Software | Struts 2.0.0 - 2.5.12 |
Reporter | Ben Ronallo from the Black Duck research team within Synopsys |
CVE Identifier | - |
...
Struts Security Bulletins contain a listing of affected GA release versions for given issues, along with a recommended minimum GA release version to fix this particular issue. Thorough investigations conducted by the reporting entity revealed that in many cases more Struts releases were affected than originally reported and that higher minimum fix versions are required.
...
Security Bulletin | Previously announced Affected Releases | Updated Affected GA Affected Releases | Minimum Fix GA VersionsReleases | CVE IdentifierIdentifiers |
---|---|---|---|---|
S2-002 | 2.0.0 - 2.0.11 | 2.0.0 - 2.1.8.1 | 2.2.1 | |
S2-003 | 2.0.0 - 2.0.11.2 | 2.0.0 - 2.1.8.1 | 2.2.1 | CVE-2008-6504 |
S2-004 | 2.0.0 - 2.0.11.2 | 2.0.0 - 2.0.11.2 2.1.0 - 2.1.2 | 2.0.12 2.1.6 | CVE-2008-6505 |
S2-008 | 2.1.0 - 2.3.1 | 2.0.0 - 2.2.3 2.0.0 - 2.3.17 | 2.2.3.1 2.3.18 | CVE-2012-0391 CVE-2012-0394 |
S2-012 | Struts Showcase App 2.0.0 - 2.3.13 | 2.0.0 - 2.3.14.2 | 2.3.14.3 | CVE-2013-1965 |
S2-013 | 2.0.0 - 2.3.13 | 2.0.0 - 2.3.14.1 | 2.3.14.2 | CVE-2013-1966 |
S2-020 | 2.0.0 - 2.3.16 | 2.0.0 - 2.3.16.1 | 2.3.16.2 | CVE-2014-0094 |
S2-021 | 2.0.0 - 2.3.16.1 | 2.0.0 - 2.3.16.3 | 2.3.20 | CVE-2014-0112 CVE-2014-0113 |
S2-022 | 2.0.0 - 2.3.16.1 | 2.0.0 - 2.3.16.3 | 2.3.20 | CVE-2014-0116 |
S2-041 | 2.3.20 - 2.3.28.1 2.5 | 2.3.20 - 2.3.28.1 2.5 - 2.5.12 | 2.3.29 2.5.13 | CVE-2016-4465 |
S2-042 | 2.3.20 - 2.3.30 | 2.3.1-2.3.30 2.5 - 2.5.2 | 2.3.31 2.5.5 | CVE-2016-6795 |
S2-044 | 2.5 - 2.5.5 | 2.5 - 2.5.12 | 2.5.13 | CVE-2016-8738 |
S2-048 | Struts Showcase App 2.3.x | 2.1.x - 2.3.x | - | CVE-2017-9791 |
S2-051 | 2.3.7 - 2.3.33 2.5 - 2.5.12 | 2.1.6 - 2.3.33 2.5 - 2.5.12 | 2.3.34 2.5.13 | CVE-2017-9793 |
S2-053 | 2.0.1-2.3.33 2.5-2.5.10 | 2.0.0-2.3.33 2.5-2.5.10.1 | 2.3.34 2.5.12 | CVE-2017-12611 |
...