Description
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
References
- Vendor Advisory
- VDB Entry, Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Issue Tracking
- Vendor Advisory
Vulnerable configurations
Configuration 1
Any of
cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
EPSS
Score: 0.02845 (Low)
Percentile: 86%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
ubuntu
more than 9 years ago
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
redhat
more than 9 years ago
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
CVSS3: 8.8
debian
more than 9 years ago
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, w ...