Web application abuses : Apache Struts Security Update (S2-006)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801940

Categoría: Web application abuses

Título: Apache Struts Security Update (S2-006) - Active Check

Resumen: Apache Struts is prone to multiple vulnerabilities.

Descripción: Summary:
Apache Struts is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaw is due to error in XWork, when handling the
's:submit' element and a nonexistent method, which gives sensitive information about
internal Java class paths.

Vulnerability Impact:
Successful exploitation will allow attackers to obtain
potentially sensitive information about internal Java class paths via vectors involving
an s:submit element and a nonexistent method.

Affected Software/OS:
XWork version 2.2.1 in Apache Struts 2.2.1 is known
to be vulnerable.

Solution:
Update Apache Struts to version 2.2.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1772
47784
http://www.securityfocus.com/bid/47784
ADV-2011-1198
http://www.vupen.com/english/advisories/2011/1198
JVN#25435092
http://jvn.jp/en/jp/JVN25435092/index.html
JVNDB-2011-000106
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106
http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
http://struts.apache.org/2.2.3/docs/version-notes-223.html
http://struts.apache.org/2.x/docs/s2-006.html
http://www.ventuneac.net/security-advisories/MVSA-11-006
https://issues.apache.org/jira/browse/WW-3579
Common Vulnerability Exposure (CVE) ID: CVE-2011-2088
Bugtraq: 20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure (Google Search)
http://www.securityfocus.com/archive/1/518066/100/0/threaded

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801940
Categoría:	Web application abuses
Título:	Apache Struts Security Update (S2-006) - Active Check
Resumen:	Apache Struts is prone to multiple vulnerabilities.
Descripción:	Summary: Apache Struts is prone to multiple vulnerabilities. Vulnerability Insight: The flaw is due to error in XWork, when handling the 's:submit' element and a nonexistent method, which gives sensitive information about internal Java class paths. Vulnerability Impact: Successful exploitation will allow attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method. Affected Software/OS: XWork version 2.2.1 in Apache Struts 2.2.1 is known to be vulnerable. Solution: Update Apache Struts to version 2.2.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1772 47784 http://www.securityfocus.com/bid/47784 ADV-2011-1198 http://www.vupen.com/english/advisories/2011/1198 JVN#25435092 http://jvn.jp/en/jp/JVN25435092/index.html JVNDB-2011-000106 http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106 http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html http://struts.apache.org/2.2.3/docs/version-notes-223.html http://struts.apache.org/2.x/docs/s2-006.html http://www.ventuneac.net/security-advisories/MVSA-11-006 https://issues.apache.org/jira/browse/WW-3579 Common Vulnerability Exposure (CVE) ID: CVE-2011-2088 Bugtraq: 20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure (Google Search) http://www.securityfocus.com/archive/1/518066/100/0/threaded
Copyright	Copyright (C) 2011 Greenbone Networks GmbH