Description
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
Remediation
References
http://www.securitytracker.com/id/1029077
http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
http://struts.apache.org/release/2.3.x/docs/s2-018.html
http://secunia.com/advisories/54919
http://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html
http://www.securityfocus.com/bid/64758
http://secunia.com/advisories/56483
http://secunia.com/advisories/56492
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Related Vulnerabilities
CVE-2020-7647 Vulnerability in maven package io.jooby:jooby
CVE-2020-7653 Vulnerability in npm package snyk-broker
CVE-2016-2171 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security
CVE-2020-5231 Vulnerability in maven package org.opencastproject:opencast-kernel
CVE-2020-28472 Vulnerability in maven package org.webjars.bower:aws-sdk