Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-6505: Path Traversal in Apache Struts

CWE-22: Path Traversal | 5 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 82.9% (top 0.75%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Mar 23
Latest update: May 17

Description

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/struts, 7 versions (+6)

🔴 Vulnerability Details (3)

OSV: Apache Struts directory traversal vulnerability (2022-05-17)
GHSA: Apache Struts directory traversal vulnerability (2022-05-17)
CVEList: CVE-2008-6505: Multiple directory traversal vulnerabilities in Apache Struts 2 (2009-03-23)

💥 Exploits & PoCs (1)

Exploit-DB: Struts 2.0.11 - Multiple Directory Traversal Vulnerabilities (2008-11-04)