Apache Struts CVE-2015-0899 Security Bypass Vulnerability

Bugtraq ID: 74423
Class: Design Error
CVE: CVE-2015-0899
Remote: Yes
Local: No
Published: Apr 10 2015 12:00AM
Updated: Jun 12 2018 06:00PM
Credit: The vendor reported this issue.
Vulnerable: Seasar Foundation S2Struts 1.3.2
Seasar Foundation S2Struts 1.2.13
SAP Internet Sales 7.54
SAP Internet Sales 7.33
SAP Internet Sales 7.32
SAP Internet Sales 7.31
SAP Internet Sales 7.30
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.5.2
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.5.0
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.4.0
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.3.0
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.2.0
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.1.0
NTT DATA Corporation TERASOLUNA Server Framework for Java(WEB) 2.0.0.1
IBM Websphere Portal 8.5
IBM Websphere Portal 8.0
IBM Websphere Portal 7.0
IBM Websphere Portal 6.1
IBM Business Process Manager Advanced 8.5
IBM Business Process Manager Advanced 8.0.1
IBM Business Process Manager Advanced 8.5.7.0
IBM Business Process Manager Advanced 8.5.6.0
IBM Business Process Manager Advanced 8.5.5.0
IBM Business Process Manager Advanced 8.5.0.2
IBM Business Process Manager Advanced 8.5.0.1
IBM Business Process Manager Advanced 8.0.1.3
IBM Business Process Manager Advanced 8.0.1.2
IBM Business Process Manager Advanced 8.0.1.1
IBM Business Process Manager Advanced 8.0.0.0
IBM Business Process Manager Advanced 7.5.1.2
IBM Business Process Manager Advanced 7.5.1.1
IBM Business Process Manager Advanced 7.5.1.0
IBM Business Process Manager Advanced 7.5.0.1
IBM Business Process Manager Advanced 7.5.0.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache Struts 1.2.9 sp1
Apache Struts 1.2.9
Apache Struts 1.2.8
Apache Struts 1.2.7
+ Redhat Application Server AS 3
+ Redhat Application Server ES 3
+ Redhat Application Server WS 3
Apache Struts 1.2.4
+ Redhat Application Server AS 3
+ Redhat Application Server ES 3
+ Redhat Application Server WS 3
Apache Struts 1.1
Apache Struts 1.2.6
Apache Struts 1.2.2
Not Vulnerable: Apache Struts 1.2.9 SP2


 

Privacy Statement
Copyright 2010, SecurityFocus