CVE-2015-0899
HIGH7.5EPSS 69.5%libstruts1.2-java - security update
發布日:2022/5/14修改日:2026/3/9
描述
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
受影響套件(4)
- Debian/libstruts1.2-javafrom 0, < 1.2.9-4+deb6u2
- Debian/libstruts1.2-javafrom 0, < 1.2.9-5+deb7u2
- Maven/org.apache.struts:struts-core>= 1.1, <= 1.3.10
- Maven/struts:struts>= 1.1, <= 1.2.9
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-0899
- PATCHhttps://github.com/apache/struts
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
- WEBhttp://jvn.jp/en/jp/JVN86448949/index.html
- WEBhttps://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
- WEBhttps://security.netapp.com/advisory/ntap-20180629-0006
- WEBhttp://www.debian.org/security/2016/dsa-3536
- WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html