CVE-2011-2088
 
Severity Score: 5.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
Credits: N/A
Timeline
- 2011-05-13 CVE Reserved
- 2011-05-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (5)
URL | Tag | Date |
---|---|---|
http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html | X_refsource_misc | |
http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html | X_refsource_misc | |
http://www.securityfocus.com/archive/1/518066/100/0/threaded | Mailing List | |
http://www.ventuneac.net/security-advisories/MVSA-11-006 | X_refsource_misc | |
https://issues.apache.org/jira/browse/WW-3579 | | 2018-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Struts | 2.2.1 | - | Affected |
Opensymphony | Xwork | 2.2.1 | - | Affected |
Opensymphony | Webwork | - | - | Affected |
Opensymphony | Xwork | - | - | Affected |