Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability

Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.

Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.

Apache Struts versions 2.0.0 through 2.3.14.1 are vulnerable.

Note: This issue is the result of an incomplete fix for the issue described in BID 60166 (Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability).


 

Privacy Statement
Copyright 2010, SecurityFocus