CVE-2015-1831 — Apache Struts vulnerability

6 documents, 6 sources
Severity: 7.5 HIGH (NVD)
EPSS: 4.5% (top 10.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 16
Latest update: May 17

Description

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: apache/struts 2.3.20

🔴 Vulnerability Details (3)

GHSA: Incomplete exclude pattern in Apache Struts (2022-05-17)
OSV: Incomplete exclude pattern in Apache Struts (2022-05-17)
CVEList: CVE-2015-1831: The default exclude patterns (excludeParams) in Apache Struts 2 (2015-07-16)

📋 Vendor Advisories (1)

Red Hat: struts2: incorrect default exclude patterns (2015-05-11)

💬 Community (1)

Bugzilla: CVE-2015-1831 struts2: incorrect default exclude patterns (2015-05-18)