Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass
| EKU-ID: 40976 | CVE: CVE-2011-5057;OSVDB-77599 | OSVDB-ID: |
| Author: Hisato Killing | Published: 2011-12-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 40976 | CVE: CVE-2011-5057;OSVDB-77599 | OSVDB-ID: |
| Author: Hisato Killing | Published: 2011-12-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access. Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected. http://www.example.com/SomeAction.action?session.somekey=someValue