CVE-2011-2088 — Sensitive Information Exposure in Apache Struts

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

5.0MEDIUMNVD

CNA2.6GHSA2.6OSV2.6

EPSS

0.8%

top 25.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Struts Opensymphony Xwork

Timeline

PublishedMay 13

Latest updateMay 14

Description

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopensymphony/xwork2.2.1

▶NVDapache/struts2.2.1

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

GHSA

XWork in Apache Struts Reveals Sensitive Information↗2022-05-14

▶

OSV

XWork in Apache Struts Reveals Sensitive Information↗2022-05-14

▶

CVEList

CVE-2011-2088: XWork 2↗2011-05-13

▶

📋Vendor Advisories

Red Hat

struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element↗2011-02-22

▶

💬Community

Bugzilla

CVE-2011-2088 struts: Allows remote attackers to obtain potentially sensitive information via vectors involving an s:submit element↗2011-07-21

▶