Access Permission Override in Apache Struts Affects Multiple Versions
CVE-2019-0233

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Struts
Vendor: CVE Published:; 14 September 2020

🔔 Create Apache Vulnerability Alert

What is CVE-2019-0233?

An access permission override vulnerability exists in Apache Struts versions 2.0.0 to 2.5.20, which could potentially lead to a denial of service during file uploads. This flaw may allow attackers to exploit the improper handling of file permissions, disrupting the normal operation of applications utilizing this framework.

Affected Version(s)

Apache Struts Apache Struts 2.0.0 to 2.5.20

References

https://cwiki.apache.org/confluence/display/ww/s2-060

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2982840

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2020
Vulnerability Reserved
Nov 14, 2018

.

CVE-2019-0233 : Access Permission Override in Apache Struts Affects Multiple Versions