CVE-2013-4310 Medium Severity Vulnerability detected by WhiteSource #47

mend-bolt-for-github · 2018-12-07T07:10:12Z

CVE-2013-4310 - Medium Severity Vulnerability

Vulnerable Libraries - struts2-core-2.0.8.jar, struts2-core-2.0.11.jar

struts2-core-2.0.8.jar

null

path: /java_security_book/Struts2/s2_002/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,/java_security_book/Struts2/s2_001/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,2/repository/org/apache/struts/struts2-core/2.0.8/struts2-core-2.0.8.jar

Dependency Hierarchy:

❌ struts2-core-2.0.8.jar (Vulnerable Library)

struts2-core-2.0.11.jar

null

path: /java_security_book/Struts2/s2_005/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.11.jar

Dependency Hierarchy:

❌ struts2-core-2.0.11.jar (Vulnerable Library)

Vulnerability Details

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

Publish Date: 2013-09-30

URL: CVE-2013-4310

CVSS 2 Score Details (5.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: http://struts.apache.org/release/2.3.x/docs/s2-018.html

Release Date: 2017-12-31

Fix Resolution: Developers should immediately upgrade to Struts 2.3.15.3

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 7, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2013-4310 Medium Severity Vulnerability detected by WhiteSource #47

CVE-2013-4310 Medium Severity Vulnerability detected by WhiteSource #47

mend-bolt-for-github bot commented Dec 7, 2018

CVE-2013-4310 Medium Severity Vulnerability detected by WhiteSource #47

CVE-2013-4310 Medium Severity Vulnerability detected by WhiteSource #47

Comments

mend-bolt-for-github bot commented Dec 7, 2018

CVE-2013-4310 - Medium Severity Vulnerability