Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability

Bugtraq ID: 51628
Class: Design Error
CVE: CVE-2011-3923
Remote: Yes
Local: No
Published: Jan 22 2012 12:00AM
Updated: Jan 22 2012 12:00AM
Credit: Meder Kydyraliev
Vulnerable: Apache Software Foundation Struts 2.2.3
Apache Software Foundation Struts 2.2.1 1
Apache Software Foundation Struts 2.2
Apache Software Foundation Struts 2.1.8 .1
Apache Software Foundation Struts 2.1.8 .1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.6
Apache Software Foundation Struts 2.1.5
Apache Software Foundation Struts 2.1.2
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1.1
Apache Software Foundation Struts 2.1
Apache Software Foundation Struts 2.0.14
Apache Software Foundation Struts 2.0.12
Apache Software Foundation Struts 2.0.11 .2
Apache Software Foundation Struts 2.0.11 .1
Apache Software Foundation Struts 2.0.11
Apache Software Foundation Struts 2.0.10
Apache Software Foundation Struts 2.0.9
Apache Software Foundation Struts 2.0.8
Apache Software Foundation Struts 2.0.7
Apache Software Foundation Struts 2.0.6
Apache Software Foundation Struts 2.0.5
Apache Software Foundation Struts 2.0.4
Apache Software Foundation Struts 2.0.3
Apache Software Foundation Struts 2.0.2
Apache Software Foundation Struts 2.0.1
Apache Software Foundation Struts 2.0
Apache Software Foundation Struts 2.3.1.1
Apache Software Foundation Struts 2.2.3.1
Apache Software Foundation Struts 2.1.8
Apache Software Foundation Struts 2.1.4
Apache Software Foundation Struts 2.1.3
Apache Software Foundation Struts 2.0.13
Not Vulnerable: Apache Software Foundation Struts 2.3.1.2


 

Privacy Statement
Copyright 2010, SecurityFocus