Access Permission Override in Apache Struts Affects Multiple Versions
CVE-2019-0233

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Struts
Vendor
CVE Published:
14 September 2020

Summary

An access permission override vulnerability exists in Apache Struts versions 2.0.0 to 2.5.20, which could potentially lead to a denial of service during file uploads. This flaw may allow attackers to exploit the improper handling of file permissions, disrupting the normal operation of applications utilizing this framework.

Affected Version(s)

Apache Struts Apache Struts 2.0.0 to 2.5.20

References

https://cwiki.apache.org/confluence/display/ww/s2-060
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2982840
x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.