CVE-2011-2088
published 2011-05-13
CVE-2011-2088: XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about…
Priority P4 · 26 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 6.14% (92.6th percentile)
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | — | — |
| opensymphony | xwork | — | — |
CVSS provenance
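| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | — | 2.6 | LOW | — |
| osv | — | 2.6 | LOW | — |
| vendor_redhat | — | 2.6 | LOW | — |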
GHSA
XWork in Apache Struts Reveals Sensitive Information
ghsa·2022-05-14·CVSS 2.6
CVE-2011-2088 [LOW] CWE-200 XWork in Apache Struts Reveals Sensitive Information
OSV
XWork in Apache Struts Reveals Sensitive Information
osv·2022-05-14·CVSS 2.6
CVE-2011-2088 [LOW] XWork in Apache Struts Reveals Sensitive Information
Red Hat
struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
vendor_redhat·2011-02-22·CVSS 2.6
CVE-2011-2088 [LOW] struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been i
No detection rules found.
No public exploits indexed.
http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
http://www.securityfocus.com/archive/1/518066/100/0/threaded
http://www.ventuneac.net/security-advisories/MVSA-11-006
https://issues.apache.org/jira/browse/WW-3579