CVE-2019-0233

Опубликовано: 14 сент. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Ссылки

https://cwiki.apache.org/confluence/display/ww/s2-060
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2982840
Permissions Required
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://cwiki.apache.org/confluence/display/ww/s2-060
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2982840
Permissions Required
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.5.20 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*

Версия до 8.0.23 (включая)

EPSS

Процентиль: 93%

0.09311

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-281

Связанные уязвимости

CVE-2019-0233

CVSS3: 7.5

ubuntu

больше 5 лет назад

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

CVE-2019-0233

CVSS3: 7.5

redhat

больше 5 лет назад

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

CVE-2019-0233

CVSS3: 7.5

debian

больше 5 лет назад

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cau ...

GHSA-ccp5-gg58-pxfm

CVSS3: 7.5

github

больше 3 лет назад

Improper Preservation of Permissions in Apache Struts

BDU:2024-08702

CVSS3: 7.5

fstec

больше 5 лет назад

Уязвимость библиотеки struts2-core программной платформы Apache Struts, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%

0.09311

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-281