Apache : Security Vulnerabilities, CVEs, Published In 2014 (CSRF)
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.
Max CVSS
6.8
EPSS Score
0.19%
Published
2014-12-10
Updated
2018-10-09
1 vulnerabilities found