Open mend-for-github-com[bot] opened 3 years ago
CVE-2015-0899 - High Severity Vulnerability
Vulnerable Library - struts-core-1.3.8.jar
Apache Struts
Library home page: http://struts.apache.org
Path to vulnerable library: /home/wss-scanner/.ivy2/cache/org.apache.struts/struts-core/jars/struts-core-1.3.8.jar
Dependency Hierarchy:
- velocity-tools-2.0.jar (Root Library)
  - :x: **struts-core-1.3.8.jar** (Vulnerable Library)
Found in HEAD commit: d5a0ed9bff63893a5435e09333d22846f6bb3acc
Found in base branch: master
Vulnerability Details
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
Publish Date: 2016-07-04
URL: CVE-2015-0899
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0899
Fix Resolution: Upgrade to version Apache Struts 1.2.9 SP2 or greater