Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2088
Last Modified 31 Oct 2012 12:00:00
Published 13 May 2011 01:05:45
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2088

Summary

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.

Vulnerable Systems

Application

  • Apache Struts 2.2.1

  • OpenSymphony WebWork

  • OpenSymphony WebWork -

  • OpenSymphony XWork

  • OpenSymphony XWork -

  • OpenSymphony XWork 2.2.1


References

MISC - https://issues.apache.org/jira/browse/WW-3579

MISC - http://www.ventuneac.net/security-advisories/MVSA-11-006

BUGTRAQ - 20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure

MISC - http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html

MISC - http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html


Last Updated: 27 May 2016 10:49:48