Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability

Bugtraq ID: 60167
Class: Design Error
CVE: CVE-2013-2115
Remote: Yes
Local: No
Published: May 27 2013 12:00AM
Updated: Jun 02 2014 12:20AM
Credit: Eric Kobrin and Douglas Rodrigues (Akamai), Coverity Security Research Laboratory, NSFOCUS Security Team
Vulnerable: IBM Storwize V7000 Unified 1.3.1.0
IBM Storwize V7000 Unified 1.3.0.5
IBM Storwize V7000 Unified 1.3.0.0
Apache Software Foundation Struts 2.2.3
Apache Software Foundation Struts 2.2.1 1
Apache Software Foundation Struts 2.2
Apache Software Foundation Struts 2.3.1.2
Apache Software Foundation Struts 2.3.1.1
Apache Software Foundation Struts 2.2.3.1
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus