Child pages
  • S2-025

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Affects of a cross-site scripting vulnerability when debug mode is switched on or JSPs are exposed in production environment.

Maximum security rating

Low

Recommendation

Turn off debug mode in production environment, apply tips from Security guideline to secure JSPs. An upgrade to Struts 2.3.20 is recommended.

Affected Software

Struts 2.0.0 - Struts Struts 2.3.16.3

Reporter

Takayoshi Isayama, Mitsui Bussan Secure Directions, Inc. Taki Uchiyama, JPCERT/CC(vulnerability with JSPs)

anonymous (vulnerability with devMode)

CVE Identifier

CVE-2015-5169

...