CVE-2011-2088 org.apache.struts.xwork:xwork-core

Package

Manager: maven
Name: org.apache.struts.xwork:xwork-core
Vulnerable Version: >=0 <2.2.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02556 (percentile: 0.84945)

Details

XWork in Apache Struts Reveals Sensitive Information

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.

Metadata

Created: 2022-05-14T02:55:17Z
Modified: 2023-08-17T21:57:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9ccm-g362-2r35/GHSA-9ccm-g362-2r35.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-9ccm-g362-2r35
Finding: F038
Auto approve: 1