CVE-2011-1772
published 2011-05-13CVE-2011-1772: Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote…
PriorityP423low2.6CVSS 2.0
AVNACHAuNCNIPAN
EXPLOIT
EPSS
33.11%
98.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
| apache | struts | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →XSS via action name parameter — monitor HTTP requests to Struts 2 endpoints where the action name contains injected script or HTML characters ↗
- →XSS payloads reflected in Struts 2 error pages — inspect error page responses for unsanitized reflection of s:submit action or method attribute values ↗
- →Scan for struts2 JARs in build artifacts from affected Red Hat source packages (Fuse Service Works 6.0.0, Single Sign On 7.3.0+) using the command provided ↗
- ·Vulnerability affects Apache Struts 2.x before version 2.2.3 only; Struts 1.x is not believed to be affected ↗
- ·CVE-2011-1772 (XSS) and CVE-2011-2088 (info disclosure) are distinct vulnerabilities sharing the same s:submit attack surface but with different impacts ↗
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
ghsa2.6LOW
osv2.6LOW
vendor_redhat2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-site Scripting in Apache Struts
osv·2022-05-17
CVE-2011-1772 [LOW] Cross-site Scripting in Apache Struts
Cross-site Scripting in Apache Struts
Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically base on request parameters. This allows to call non-existing page and method to produce error page with injected code as below. As of Struts 2.2.3 the action names are escaped when automatically generated error pages are rendered.
GHSA
Cross-site Scripting in Apache Struts
ghsa·2022-05-17
CVE-2011-1772 [LOW] CWE-79 Cross-site Scripting in Apache Struts
Cross-site Scripting in Apache Struts
Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically base on request parameters. This allows to call non-existing page and method to produce error page with injected code as below. As of Struts 2.2.3 the action names are escaped when automatically generated error pages are rendered.
GHSA
XWork in Apache Struts Reveals Sensitive Information
ghsa·2022-05-14·CVSS 2.6
CVE-2011-2088 [LOW] CWE-200 XWork in Apache Struts Reveals Sensitive Information
XWork in Apache Struts Reveals Sensitive Information
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
OSV
XWork in Apache Struts Reveals Sensitive Information
osv·2022-05-14·CVSS 2.6
CVE-2011-2088 [LOW] XWork in Apache Struts Reveals Sensitive Information
XWork in Apache Struts Reveals Sensitive Information
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Red Hat
struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
vendor_redhat·2011-02-22·CVSS 2.6
CVE-2011-2088 [LOW] struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been i
Red Hat
struts: Multiple XSS flaws in XWork
vendor_redhat·2011-02-22·CVSS 2.6
CVE-2011-1772 [LOW] CWE-79 struts: Multiple XSS flaws in XWork
struts: Multiple XSS flaws in XWork
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been included in some products' source
No detection rules found.
Bugzilla
CVE-2011-1772 struts: Multiple XSS flaws in XWork
bugzilla·2011-07-21·CVSS 2.6
CVE-2011-1772 [LOW] CVE-2011-1772 struts: Multiple XSS flaws in XWork
CVE-2011-1772 struts: Multiple XSS flaws in XWork
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1772 to the following vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1772
[2] http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
[3] http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
[4] http://www.ventuneac.net/secur
Bugzilla
CVE-2011-2088 struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
bugzilla·2011-07-21·CVSS 2.6
CVE-2011-2088 [LOW] CVE-2011-2088 struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
CVE-2011-2088 struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2088 to the following vulnerability:
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2088
[2] http://www.securityfocus.com/archive/1/archive/1/518066/100/0/threaded
[3] http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
[4] http://secur
http://jvn.jp/en/jp/JVN25435092/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000106http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.htmlhttp://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.htmlhttp://struts.apache.org/2.2.3/docs/version-notes-223.htmlhttp://struts.apache.org/2.x/docs/s2-006.htmlhttp://www.securityfocus.com/bid/47784http://www.ventuneac.net/security-advisories/MVSA-11-006http://www.vupen.com/english/advisories/2011/1198https://issues.apache.org/jira/browse/WW-3579http://jvn.jp/en/jp/JVN25435092/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2011-000106http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.htmlhttp://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.htmlhttp://struts.apache.org/2.2.3/docs/version-notes-223.htmlhttp://struts.apache.org/2.x/docs/s2-006.htmlhttp://www.securityfocus.com/bid/47784http://www.ventuneac.net/security-advisories/MVSA-11-006http://www.vupen.com/english/advisories/2011/1198https://issues.apache.org/jira/browse/WW-3579
2011-05-13
Published