CVE-2015-5209

Severity: 7.5 HIGH
EPSS: 1.4% (top 19.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 29
Latest update: May 14

Description

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: apache/struts, 66 versions (+65)

Vulnerability Details (3)

OSV: Special top object can be used to access Struts' internals (2022-05-14)
GHSA: Special top object can be used to access Struts' internals (2022-05-14)
CVEList: CVE-2015-5209: Apache Struts 2 (2017-08-29)