Permissions, Privileges, and Access Controls in Apache Struts - CVE-2011-5057

 


Published: May 31, 2024


Vulnerability identifier: #VU90112
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2011-5057
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Apache Foundation
Affected software: Apache Struts

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because Apache Struts provides interfaces that do not properly restrict access to collections such as the session and request collections. A remote attacker can modify run-time data values via a crafted parameter sent to an application that implements an affected interface.


How to mitigate CVE-2011-5057

Install updates from the vendor's website.
