Описание
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Ссылки
- MitigationVendor Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.94263
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 8 лет назад
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVSS3: 8.1
redhat
около 8 лет назад
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVSS3: 9.8
debian
около 8 лет назад
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remot ...
fstec
около 8 лет назад
Уязвимость плагина Struts 1 программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 100%
0.94263
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-20