CVE-2008-6505

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.apache.struts/struts2-core

Identifiers

GHSA-wv7g-xhvw-8hcp, CVE-2008-6505

Package Slug

maven/org.apache.struts/struts2-core

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
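
The encoding problem described above, shown as an added example that is not Struts code and not the project's fix: a check that percent-decodes the part of the URI after /struts/ until it stops changing and only then rejects dot-dot segments, so ..%252f is evaluated as ../ instead of passing as an opaque string. The class name, method name, decode-round limit and sample URIs are assumptions constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Optional;

public class StaticPathCheck {
    static final String PREFIX = "/struts/";  // URI prefix named in the advisory
    static final int MAX_DECODE_ROUNDS = 5;   // assumed bound, not a Struts setting

    // Returns the resource path below PREFIX, or empty if the URI must be refused.
    static Optional<String> safeResourcePath(String rawUri) {
        if (rawUri == null || !rawUri.startsWith(PREFIX)) return Optional.empty();
        String path = rawUri.substring(PREFIX.length());
        try {
            // Decode to a fixed point: %252f -> %2f -> / must reach its final
            // form before any traversal check runs.
            for (int round = 0; ; round++) {
                // Protect literal '+', which URLDecoder would turn into a space.
                String decoded = URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8);
                if (decoded.equals(path)) break;
                if (round == MAX_DECODE_ROUNDS) return Optional.empty(); // too many layers
                path = decoded;
            }
        } catch (IllegalArgumentException malformedEscape) {
            return Optional.empty(); // stray or incomplete % sequence
        }
        // Strict by design: no NUL, no backslash, no empty, "." or ".." segments.
        if (path.indexOf('\0') >= 0 || path.indexOf('\\') >= 0) return Optional.empty();
        for (String segment : path.split("/", -1)) {
            if (segment.isEmpty() || segment.equals(".") || segment.equals("..")) return Optional.empty();
        }
        return Optional.of(path);
    }

    public static void main(String[] args) {
        String[] samples = {                        // constructed sample URIs
            "/struts/css/site.css",                 // accepted as css/site.css
            "/struts/../constructed.txt",           // plain dot-dot segment
            "/struts/..%2fconstructed.txt",         // encoded once
            "/struts/..%252f..%252fconstructed.txt" // encoded twice, as in the advisory
        };
        for (String uri : samples) {
            System.out.println(uri + " -> " + safeResourcePath(uri).orElse("REJECTED"));
        }
    }
}
```

A check like this is defense in depth at a filter or proxy in front of the application; for affected versions the fix is the upgrade listed under Solution.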

Affected Versions

All versions starting from 2.0.0 before 2.0.12, all versions starting from 2.1.0 before 2.1.3

Solution

Upgrade to version 2.0.12, 2.1.3, or above.

Last Modified

2024-02-12
