Apache Struts 2 Java Class Path Information Disclosure
Publish Date: 21 luglio 2015
Gravità: : Medio
Identificatori CVE: CVE-2011-2088
Data notifica: 21 luglio 2015
Descrizione
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software e versione interessati:
- apache struts 2.2.1
- opensymphony webwork -
- opensymphony xwork -
- opensymphony xwork 2.2.1