CVE-2015-1831

描述

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. In Struts 2.3.20.1 a better set of exlude patterns was defined.

受影響套件(2)

• Maven/org.apache.struts:struts2-core>= 2.0.0, < 2.3.20.1
• Maven/org.apache.struts.xwork:xwork-core>= 2.0.0, < 2.3.20.1

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1831
• PATCHhttps://github.com/apache/struts
• WEBhttps://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b
• WEBhttps://struts.apache.org/docs/s2-024.html