CVE-2015-0899

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
apachestruts
1.0
apachestruts
1.0.2
apachestruts
1.1
apachestruts
1.1:b1
apachestruts
1.1:b2
apachestruts
1.1:b3
apachestruts
1.1:rc1
apachestruts
1.1:rc2
apachestruts
1.2.2
apachestruts
1.2.4
apachestruts
1.2.6
apachestruts
1.2.7
apachestruts
1.2.8
apachestruts
1.2.9
apachestruts
1.3.5
apachestruts
1.3.8
apachestruts
1.3.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
ignored
trusty
dne
precise
Fixed 1.2.9-5+deb7u2build0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN86448949/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
http://www.debian.org/security/2016/dsa-3536
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/74423
https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
https://security.netapp.com/advisory/ntap-20180629-0006/
http://jvn.jp/en/jp/JVN86448949/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
http://www.debian.org/security/2016/dsa-3536
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/74423
https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
https://security.netapp.com/advisory/ntap-20180629-0006/