Apache Struts is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Apache Struts versions 2.0.0 through 2.3.28.1 are vulnerable.
Information
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.2.1.1
Oracle Weblogic Server 12.2.1.0
Oracle Weblogic Server 12.1.3.0
Oracle WebCenter Sites 11.1.1.8.0
Oracle WebCenter Sites 12.2.1.2.0
Oracle WebCenter Sites 12.2.1.1.0
Oracle WebCenter Sites 12.2.1.0.0
Oracle Transfer Pricing Component 8.0.4
Oracle Transfer Pricing Component 8.0
Oracle Siebel Apps - E-Billing 7.1
Oracle Siebel Apps - E-Billing 7.0
Oracle Siebel Apps - E-Billing 6.2
Oracle Siebel Apps - E-Billing 6.1
Oracle MySQL Enterprise Monitor 3.2.1182
Oracle MySQL Enterprise Monitor 3.3.2.1162
Oracle MySQL Enterprise Monitor 3.1.6.8003
Oracle MICROS Retail XBRi Loss Prevention 10.8.1
Oracle MICROS Retail XBRi Loss Prevention 10.8
Oracle MICROS Retail XBRi Loss Prevention 10.7
Oracle MICROS Retail XBRi Loss Prevention 10.6
Oracle MICROS Retail XBRi Loss Prevention 10.5
Oracle MICROS Retail XBRi Loss Prevention 10.0.1
Oracle Insurance Data Foundation 8.0.4
Oracle Insurance Data Foundation 8.0.3
Oracle Insurance Data Foundation 8.0.2
Oracle Insurance Data Foundation 8.0.1
Oracle FLEXCUBE Private Banking 12.1
Oracle FLEXCUBE Private Banking 12.0.3
Oracle FLEXCUBE Private Banking 12.0.2
Oracle FLEXCUBE Private Banking 12.0.1
Oracle Financial Services Retail Performance Analytics 8.0.4
Oracle Financial Services Retail Performance Analytics 8.0
Oracle Financial Services Retail Customer Analytics 8.0.3
Oracle Financial Services Retail Customer Analytics 8.0
Oracle Financial Services Reconciliation Framework 8.0.2
Oracle Financial Services Reconciliation Framework 8.0.1
Oracle Financial Services Reconciliation Framework 8.0
Oracle Financial Services Profitability Management 8.0.4
Oracle Financial Services Profitability Management 8.0.3
Oracle Financial Services Profitability Management 8.0.2
Oracle Financial Services Profitability Management 8.0.1
Oracle Financial Services Profitability Management 6.1.1
Oracle Financial Services Profitability Management 6.1
Oracle Financial Services Profitability Management 6.0
Oracle Financial Services Pricing Management 8.0.4
Oracle Financial Services Pricing Management 8.0
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.4
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.3
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.2
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.1
Oracle Financial Services Loan Loss Forecasting and Provisioning 1.5.1
Oracle Financial Services Loan Loss Forecasting and Provisioning 1.5
Oracle Financial Services Liquidity Risk Management 8.0.4
Oracle Financial Services Liquidity Risk Management 8.0.2
Oracle Financial Services Liquidity Risk Management 8.0.1
Oracle Financial Services Institutional Performance Analytics 8.0.4
Oracle Financial Services Institutional Performance Analytics 8.0
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.3
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.2
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.1
Oracle Financial Services Hedge Management and IFRS Valuations 6.1.1
Oracle Financial Services Funds Transfer Pricing 8.0.4
Oracle Financial Services Funds Transfer Pricing 8.0.3
Oracle Financial Services Funds Transfer Pricing 8.0.2
Oracle Financial Services Funds Transfer Pricing 8.0.1
Oracle Financial Services Funds Transfer Pricing 6.1.1
Oracle Financial Services Funds Transfer Pricing 6.1
Oracle Financial Services Funds Transfer Pricing 6.0
Oracle Financial Services Enterprise Financial Performance Analytics 8.0.4
Oracle Financial Services Enterprise Financial Performance Analytics 8.0
Oracle Financial Services Data Integration Hub 8.0.4
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.2
Oracle Financial Services Data Integration Hub 8.0.1
Oracle Financial Services Data Foundation 8.0.4
Oracle Financial Services Data Foundation 8.0.3
Oracle Financial Services Data Foundation 8.0.2
Oracle Financial Services Data Foundation 8.0.1
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.3
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.2
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 6.1.3
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 6.1.2
Oracle Financial Services Basel Regulatory Capital Basic 8.0.3
Oracle Financial Services Basel Regulatory Capital Basic 8.0.2
Oracle Financial Services Basel Regulatory Capital Basic 6.1.3
Oracle Financial Services Basel Regulatory Capital Basic 6.1.2
Oracle Financial Services Asset Liability Management 8.0.4
Oracle Financial Services Asset Liability Management 8.0.3
Oracle Financial Services Asset Liability Management 8.0.2
Oracle Financial Services Asset Liability Management 8.0.1
Oracle Financial Services Asset Liability Management 6.1.1
Oracle Financial Services Asset Liability Management 6.1
Oracle Financial Services Asset Liability Management 6.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5
Oracle Financial Services Analytical Applications Infrastructure 7.3.4
Oracle Financial Services Analytical Applications Infrastructure 7.3.3
Oracle Communications Policy Management 12.2
IBM Storwize V7000 0
IBM Storwize V5000 -
IBM Storwize V3700 -
IBM Storwize V3500 -
IBM SAN Volume Controller 0
IBM Opportunity Detect 9.1.1
IBM Opportunity Detect 10.0
IBM Infosphere Metadata Workbench 9.1
IBM Infosphere Metadata Workbench 8.7
IBM Infosphere Metadata Workbench 8.5
IBM InfoSphere Information Server 9.1
IBM InfoSphere Information Server 8.7
IBM InfoSphere Information Server 8.5
IBM InfoSphere Information Server 11.5
IBM InfoSphere Information Server 11.3
IBM InfoSphere Information Governance Catalog 11.5
IBM InfoSphere Information Governance Catalog 11.3
Apache Struts 2.3.28
Apache Struts 2.3.24
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.2
Apache Struts 2.1.8.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.2
Apache Struts 2.1.1
Apache Struts 2.1
Apache Struts 2.0.14
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.11
Apache Struts 2.0.10
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.1
Apache Struts 2.0
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.3
Apache Struts 2.3.28.1
Apache Struts 2.3.24.3
Apache Struts 2.3.24.2
Apache Struts 2.3.24.1
Apache Struts 2.3.20.3
Apache Struts 2.3.20.2
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.16.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.0.13
References:
- Struts Homepage (Apache Software Foundation)
- Action name clean up is error prone (Apache)
- Oracle Critical Patch Update Advisory - April 2017 (Oracle)
- ssg1S1009282: Multiple vulnerabilities in Apache Struts affect SAN Volume Contro (IBM)
- swg21987854: Multiple Vulnerabilities in Struts v2 affect IBM Opportunity Detect (IBM)
- swg21988934: Multiple Vulnerabilities in Struts v2 affect IBM InfoSphere Inform (IBM)