Vulnerability

CVE-2015-0899

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-20

References

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000042.html
https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0899

[CVE-2015-0899] CWE-20: Improper Input Validation

Description

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

See org.apache.struts/struts-core package information