...
Who should read this | All Struts 2 developers |
|---|---|
Impact of vulnerability | CSRF protection weakening |
Maximum security rating | Moderate |
Recommendation | Developers should upgrade to Struts 2.3.4.1 |
Affected Software | Struts 2.0.0 - Struts 2.3.4 |
Original JIRA Tickets | |
Reporter | James K. Williams |
CVE Identifier | CVE-2012-4386 |
Problem
The Struts 2 token mechanism (token tag and token interceptors) was originally targeted at providing double submit check for forms.
...