CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/82550 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/82550 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1033908 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1033908 - Third Party Advisory, VDB Entry
References () https://security.netapp.com/advisory/ntap-20180629-0002/ - () https://security.netapp.com/advisory/ntap-20180629-0002/ -
References () https://struts.apache.org/docs/s2-026.html - Mitigation, Vendor Advisory () https://struts.apache.org/docs/s2-026.html - Mitigation, Vendor Advisory

Information

Published : 2017-08-29 15:29

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5209

Mitre link : CVE-2015-5209

CVE.ORG link : CVE-2015-5209


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-20

Improper Input Validation