cvelistv5 - cve-2015-5169

cve-2015-5169

Vulnerability from cvelistv5

Published

2017-09-25 21:00

Modified

2024-08-06 06:41

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN95989300/index.html	Third Party Advisory, VDB Entry
secalert@redhat.com	http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/76625	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1260087	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20180629-0003/	Third Party Advisory
secalert@redhat.com	https://struts.apache.org/docs/s2-025.html	Vendor Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
          },
          {
            "name": "76625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76625"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://struts.apache.org/docs/s2-025.html"
          },
          {
            "name": "JVNDB-2015-000125",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
          },
          {
            "name": "JVN#95989300",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-30T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
        },
        {
          "name": "76625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76625"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://struts.apache.org/docs/s2-025.html"
        },
        {
          "name": "JVNDB-2015-000125",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
        },
        {
          "name": "JVN#95989300",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20180629-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
            },
            {
              "name": "76625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76625"
            },
            {
              "name": "https://struts.apache.org/docs/s2-025.html",
              "refsource": "CONFIRM",
              "url": "https://struts.apache.org/docs/s2-025.html"
            },
            {
              "name": "JVNDB-2015-000125",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
            },
            {
              "name": "JVN#95989300",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5169",
    "datePublished": "2017-09-25T21:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5169\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-09-25T21:29:00.303\",\"lastModified\":\"2018-11-23T15:46:06.990\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Apache Struts en versiones anteriores a 2.3.20.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.3.16.3\",\"matchCriteriaId\":\"BF970548-1E46-42E7-8323-4C9FF7A778F6\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN95989300/index.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/76625\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1260087\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180629-0003/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://struts.apache.org/docs/s2-025.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-vwhv-j36g-5rm8

Vulnerability from github

Published

2022-05-14 01:57

Modified

2022-11-03 23:01

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site Scripting in Apache Struts

Details

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.

It is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.

Struts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T23:01:19Z",
    "nvd_published_at": "2017-09-25T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the \u0027Problem Report\u0027 screen. Also if JSP files are exposed to be accessed directly it\u0027s possible to execute an arbitrary script. \n\nIt is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.\n\nStruts \u003e= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher.",
  "id": "GHSA-vwhv-j36g-5rm8",
  "modified": "2022-11-03T23:01:19Z",
  "published": "2022-05-14T01:57:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180629-0003"
    },
    {
      "type": "WEB",
      "url": "https://struts.apache.org/docs/s2-025.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting in Apache Struts"
}

gsd-2015-5169

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

Aliases

CVE-2015-5169

Aliases

CVE-2015-5169

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5169",
    "description": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.",
    "id": "GSD-2015-5169"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5169"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.",
      "id": "GSD-2015-5169",
      "modified": "2023-12-13T01:20:06.722848Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-5169",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.netapp.com/advisory/ntap-20180629-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
          },
          {
            "name": "76625",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76625"
          },
          {
            "name": "https://struts.apache.org/docs/s2-025.html",
            "refsource": "CONFIRM",
            "url": "https://struts.apache.org/docs/s2-025.html"
          },
          {
            "name": "JVNDB-2015-000125",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
          },
          {
            "name": "JVN#95989300",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.3.16.3]",
          "affected_versions": "All versions up to 2.3.16.3",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2018-11-23",
          "description": "When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it\u0027s possible to execute an arbitrary script.",
          "fixed_versions": [
            "2.3.20"
          ],
          "identifier": "CVE-2015-5169",
          "identifiers": [
            "CVE-2015-5169"
          ],
          "not_impacted": "All versions after 2.3.16.3",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2017-09-25",
          "solution": "Upgrade to version 2.3.20 or above.",
          "title": "Cross-Site Scripting vulnerability on \"Problem Report\" screen",
          "urls": [
            "https://struts.apache.org/docs/s2-025.html"
          ],
          "uuid": "2a02cfc9-0a90-41c1-b244-923f096905b3"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.16.3",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5169"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://struts.apache.org/docs/s2-025.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://struts.apache.org/docs/s2-025.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087"
            },
            {
              "name": "76625",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/76625"
            },
            {
              "name": "JVNDB-2015-000125",
              "refsource": "JVNDB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"
            },
            {
              "name": "JVN#95989300",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN95989300/index.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180629-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180629-0003/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-11-23T15:46Z",
      "publishedDate": "2017-09-25T21:29Z"
    }
  }
}

cve-2015-5169

Vulnerability from jvndb

Published

2015-09-04 15:12

Modified

2017-10-02 12:08

Severity ?

() - -

Summary

Apache Struts vulnerable to cross-site scripting

Details

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN95989300/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5169
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-5169
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache Struts

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html",
  "dc:date": "2017-10-02T12:08+09:00",
  "dcterms:issued": "2015-09-04T15:12+09:00",
  "dcterms:modified": "2017-10-02T12:08+09:00",
  "description": "Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on.\r\n\r\nMasaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html",
  "sec:cpe": {
    "#text": "cpe:/a:apache:struts",
    "@product": "Apache Struts",
    "@vendor": "Apache Software Foundation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000125",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN95989300/index.html",
      "@id": "JVN#95989300",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5169",
      "@id": "CVE-2015-5169",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169",
      "@id": "CVE-2015-5169",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache Struts vulnerable to cross-site scripting"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-5169

Vulnerability from cvelistv5

ghsa-vwhv-j36g-5rm8

Vulnerability from github

gsd-2015-5169

Vulnerability from gsd

cve-2015-5169

Vulnerability from jvndb

Tags

Sightings

Nomenclature