Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass

EDB-ID:

36426




Platform:

Multiple

Date:

2011-12-07


source: https://www.securityfocus.com/bid/50940/info

Apache Struts is prone to a security-bypass vulnerability that allows session tampering.

Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access.

Apache Struts versions 2.0.9 and 2.1.8.1 are vulnerable; other versions may also be affected. 

http://www.example.com/SomeAction.action?session.somekey=someValue