Description

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

Remediation

References

http://www.securityfocus.com/bid/75940

http://www.securitytracker.com/id/1032985

https://struts.apache.org/docs/s2-024.html

Related Vulnerabilities

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api

CVE-2022-37866 Vulnerability in maven package org.apache.ivy:ivy

CVE-2023-26056 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-macro-context

CVE-2024-4367 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist

CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin

Severity

Critical

Tags

Vendor Advisory NVD-CWE-noinfo