CVE-2015-0899

EUVD-2022-3640
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
apachestruts
1.0
apachestruts
1.0.2
apachestruts
1.1
apachestruts
1.1:b1
apachestruts
1.1:b2
apachestruts
1.1:b3
apachestruts
1.1:rc1
apachestruts
1.1:rc2
apachestruts
1.2.2
apachestruts
1.2.4
apachestruts
1.2.6
apachestruts
1.2.7
apachestruts
1.2.8
apachestruts
1.2.9
apachestruts
1.3.5
apachestruts
1.3.8
apachestruts
1.3.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
artful
dne
bionic
dne
cosmic
dne
disco
dne
lucid
ignored
precise
Fixed 1.2.9-5+deb7u2build0.12.04.1
released
trusty
dne
utopic
ignored
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN86448949/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
http://www.debian.org/security/2016/dsa-3536
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/74423
https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
https://security.netapp.com/advisory/ntap-20180629-0006/
http://jvn.jp/en/jp/JVN86448949/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
http://www.debian.org/security/2016/dsa-3536
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/74423
https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
https://security.netapp.com/advisory/ntap-20180629-0006/