Vulnerability Details: CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2015-1831
Probability of exploitation activity in the next 30 days: 1.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~83%
CVSS scores for CVE-2015-1831
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2015-1831
- https://struts.apache.org/docs/s2-024.html
  S2-024 - DEPRECATED: Apache Struts 2 Documentation - Apache Software Foundation (Vendor Advisory)
- http://www.securitytracker.com/id/1032985
  Apache Struts Incorrect Default 'excludeParams' Configuration Lets Remote Users Bypass Security Restrictions - SecurityTracker
- http://www.securityfocus.com/bid/75940
  Apache Struts CVE-2015-1831 Security Bypass Vulnerability
Products affected by CVE-2015-1831
- cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*