Search criteria
6 vulnerabilities found for webwork by opensymphony
FKIE_CVE-2011-2088
Vulnerability from fkie_nvd - Published: 2011-05-13 17:05 - Updated: 2025-04-11 00:51
Severity ?
Summary
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | struts | 2.2.1 | |
| opensymphony | xwork | 2.2.1 | |
| opensymphony | webwork | - | |
| opensymphony | xwork | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86571CB0-00C3-407E-AA23-F84628AC4EA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:webwork:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D68135-A485-4A9D-AA01-6F11D166A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63E63E98-5734-4CA9-98BA-1040B2CF4C77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
},
{
"lang": "es",
"value": "XWork v2.2.1 en Apache Struts v2.2.1, y XWork OpenSymphony en OpenSymphony WebWork, permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las rutas internas de clases Java a trav\u00e9s de vectores implican un elemento s:submit y un m\u00e9todo inexistente, una vulnerabilidad diferente de CVE-2011-1772.3."
}
],
"id": "CVE-2011-2088",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-13T17:05:45.283",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "cve@mitre.org",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1772
Vulnerability from fkie_nvd - Published: 2011-05-13 17:05 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | struts | 2.0.0 | |
| apache | struts | 2.0.1 | |
| apache | struts | 2.0.2 | |
| apache | struts | 2.0.3 | |
| apache | struts | 2.0.4 | |
| apache | struts | 2.0.5 | |
| apache | struts | 2.0.6 | |
| apache | struts | 2.0.7 | |
| apache | struts | 2.0.8 | |
| apache | struts | 2.0.9 | |
| apache | struts | 2.0.10 | |
| apache | struts | 2.0.11 | |
| apache | struts | 2.0.11.1 | |
| apache | struts | 2.0.11.2 | |
| apache | struts | 2.0.12 | |
| apache | struts | 2.0.13 | |
| apache | struts | 2.0.14 | |
| apache | struts | 2.1.0 | |
| apache | struts | 2.1.1 | |
| apache | struts | 2.1.2 | |
| apache | struts | 2.1.3 | |
| apache | struts | 2.1.4 | |
| apache | struts | 2.1.5 | |
| apache | struts | 2.1.6 | |
| apache | struts | 2.1.8 | |
| apache | struts | 2.1.8.1 | |
| apache | struts | 2.2.1 | |
| apache | struts | 2.2.1.1 | |
| opensymphony | webwork | * | |
| opensymphony | xwork | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3A90B7-C632-4D3E-9A4F-21E46D273B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC32348E-7EF4-411C-9A44-CD041ABFA0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50F4A58E-F3D4-4711-A37E-EA538B112371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFCC96F-FD87-4495-B8A5-19D7898D5662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "662A2E4B-A76A-4498-98A6-F90DF65C62B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA687B56-A09B-4741-84F1-2BD9569A3F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC0E358-8B4D-480B-BFAE-966CB697310A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "88B3348C-1086-4A16-97E3-52DB65FF860A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3C65711D-9C5B-4644-A12D-82243CB6FB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1FA9A7-2C8E-4651-9400-190198528642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "267A1C33-1C95-41DA-8A01-6F20C7BE1772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09604417-9AF3-4F95-8E7A-695AD510168E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D54BC82-0A21-42F7-9439-EB6BF2E95393",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en XWork en Apache Struts v2.x anterior a v2.2.3, y OpenSymphony XWork en OpenSymphony WebWork, permite a atacantes remotos inyectar c\u00f3digo web script o HTML a trav\u00e9s de vectores que implican (1) un \"action name\", (2) la acci\u00f3n atributo de un elemento \"s:submit\", o (3) el atributo del m\u00e9todo del elemento \"s:submit\"."
}
],
"id": "CVE-2011-1772",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-13T17:05:44.267",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"source": "secalert@redhat.com",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"source": "secalert@redhat.com",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "secalert@redhat.com",
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-2088 (GCVE-0-2011-2088)
Vulnerability from cvelistv5 – Published: 2011-05-13 17:00 – Updated: 2024-08-06 22:46
VLAI?
Summary
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/WW-3579",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-11-006",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2088",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1772 (GCVE-0-2011-1772)
Vulnerability from cvelistv5 – Published: 2011-05-13 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1772",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2088 (GCVE-0-2011-2088)
Vulnerability from nvd – Published: 2011-05-13 17:00 – Updated: 2024-08-06 22:46
VLAI?
Summary
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/WW-3579",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-11-006",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2088",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1772 (GCVE-0-2011-1772)
Vulnerability from nvd – Published: 2011-05-13 17:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1772",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}