← back
CVE-2011-2088

CVE-2011-2088

EPSS 6.1%
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.htmlhttp://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.htmlhttps://issues.apache.org/jira/browse/WW-3579http://www.securityfocus.com/archive/1/518066/100/0/threadedhttp://www.ventuneac.net/security-advisories/MVSA-11-006