...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Denial of Service

Maximum security rating

MediumModerate

Recommendation

Upgrade to Struts 2.5.22 or greater

If this is not possible, add java.io. and java.nio. to the value attribute of the struts.excludedPackageNames constant in struts-default.xml.

Affected Software

Struts 2.0.0 - Struts 2.5.20

Reporters

Takeshi Terada of Mitsui Bussan Secure Directions, Inc.

CVE Identifier

CVE-2019-0233
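
A configuration check for the Recommendation above, added here as an example and not part of the Struts bulletin or code base. It reports whether a deployment is on 2.5.22 or later or, failing that, whether struts.excludedPackageNames lists both java.io. and java.nio. The sample XML, the function names and the rule that the last constant in a file wins are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("java.io.", "java.nio.")  # packages the bulletin says to exclude
FIXED = (2, 5, 22)                    # first release the bulletin recommends

# Constructed samples; the existing entries are placeholders, not the real default list.
UNPATCHED = """<struts>
  <constant name="struts.excludedPackageNames" value="ognl.,javax."/>
</struts>"""
PATCHED = """<struts>
  <constant name="struts.excludedPackageNames"
            value="ognl.,javax.,
                   java.io., java.nio."/>
</struts>"""

def parse_version(text):
    """'2.5.20' -> (2, 5, 20); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def missing_exclusions(xml_text):
    """Return the required packages absent from struts.excludedPackageNames."""
    present = set()
    for const in ET.fromstring(xml_text).iter("constant"):
        if const.get("name") == "struts.excludedPackageNames":
            # Comma-separated list; line breaks and spaces are common in real files.
            # Assumption: a later definition in the same file replaces an earlier one.
            value = const.get("value", "")
            present = {p.strip() for p in value.split(",") if p.strip()}
    # Exact match, trailing dot included, as the bulletin writes the names.
    return [pkg for pkg in REQUIRED if pkg not in present]

def assess(version, xml_text):
    """'upgraded', 'mitigated' (workaround present) or 'exposed'."""
    if parse_version(version) >= FIXED:
        return "upgraded"
    return "exposed" if missing_exclusions(xml_text) else "mitigated"

if __name__ == "__main__":
    for label, xml_text in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, assess("2.5.20", xml_text), missing_exclusions(xml_text))
```

Run it against the effective configuration, since a struts.xml that redefines the constant without these two entries undoes the change made in struts-default.xml.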

...