Check Point Advisories

Update Protection against Apache Struts Security Bypass and Directory Traversal

Check Point Reference: CPAI-2008-240
Date Published: 7 Nov 2008
Severity: Medium
Last Updated: Tuesday 01 January, 2008
Source: Secunia Advisory: SA32497
Protection Provided by:
Who is Vulnerable? Apache Software Foundation Struts Prior to 2.0.12
Vulnerability Description A directory traversal vulnerability has been reported in Apache Struts. Apache Struts is a Java-based web application development framework. This vulnerability allows an attacker to access normally-inaccessible files and directories through a specially-created HTTP request, leading to potential disclosure of sensitive information.
Vulnerability DetailsThe flaw is due to the way Apache Struts handles crafted URIs that contain directory traversal patterns. This allows attackers access outside legitimate folders and can lead to security restriction bypassing and sensitive information disclosure.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK