...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Manipulation of Struts' internals, altering of user session, container's web context modification |
Maximum security rating | High |
Recommendation | Update the regex used to exclude vulnerable incoming parameters. An upgrade to Struts 2.3.24.1 is recommended. |
Affected Software | Struts 2.0.0 - Struts 2.3.24 |
Reporter | rskvp93 at gmail dot com from Viettel Information Security Center |
CVE Identifier | TBD |
...