|
gptkbp:instance_of
|
gptkb:vulnerability
|
|
gptkbp:affected_component
|
Struts REST plugin.
|
|
gptkbp:affected_platforms
|
Java-based web applications.
|
|
gptkbp:attack_complexity
|
Low.
|
|
gptkbp:availability
|
None.
|
|
gptkbp:cvss_access_complexity
|
Low.
|
|
gptkbp:cvss_access_vector
|
Network.
|
|
gptkbp:cvss_authentication
|
None.
|
|
gptkbp:cvss_availability_impact
|
None.
|
|
gptkbp:cvss_confidentiality_impact
|
High.
|
|
gptkbp:cvss_integrity_impact
|
High.
|
|
gptkbp:cwe_id
|
CWE-74.
|
|
gptkbp:data_privacy
|
High.
|
|
gptkbp:date
|
2017-07-20.
|
|
gptkbp:description
|
A vulnerability in the Apache Struts framework.
|
|
gptkbp:difficulty_levels
|
gptkb:High
|
|
gptkbp:disclosure_method
|
Public announcement.
|
|
gptkbp:discovery
|
Reported by security researchers.
|
|
gptkbp:distributor
|
Apache.
|
|
gptkbp:environmental_initiatives
|
Apply security patches.
|
|
gptkbp:exploit_availability
|
Yes.
|
|
gptkbp:exploit_code
|
Available on Git Hub.
|
|
gptkbp:first_published
|
2017-08-01
|
|
gptkbp:fix_description
|
Patch released to address the vulnerability.
|
|
gptkbp:has_advisory_board
|
Apache Struts Security Advisory.
|
|
gptkbp:has_enemies
|
Remote.
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2017-12615
|
|
gptkbp:human_interaction
|
None.
|
|
gptkbp:impact
|
Remote code execution.
Allows attackers to execute arbitrary code.
|
|
gptkbp:impact_severity
|
Critical.
|
|
gptkbp:is_a_solution_for
|
Upgrade to Apache Struts 2.5.13 or later.
|
|
gptkbp:is_referenced_in
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-12615
|
|
gptkbp:is_vulnerable_to
|
Publicly available.
8.
Exploitable remotely.
Code Injection.
|
|
gptkbp:latest_version
|
Struts 2.5.0 to 2.5.12.
|
|
gptkbp:privileges_required
|
None.
|
|
gptkbp:provides_support_for
|
Apache Struts 2.5.12 and earlier.
Web applications using Struts.
|
|
gptkbp:publication_year
|
2017-07-25
|
|
gptkbp:published_in
|
NVD.
|
|
gptkbp:reference_link
|
https://nvd.nist.gov/vuln/detail/ CVE-2017-12615.
|
|
gptkbp:regulatory_compliance
|
Apache Security Advisory.
|
|
gptkbp:related_cve
|
CVE-2017-12616.
CVE-2017-12617.
|
|
gptkbp:remediation_steps
|
Update to the latest version.
|
|
gptkbp:report_date
|
2017-07-20.
|
|
gptkbp:reports_to
|
2017-07-25.
Apache Software Foundation.
|
|
gptkbp:risk_management
|
High.
|
|
gptkbp:scope
|
Unchanged.
|
|
gptkbp:score
|
7.5
|
|
gptkbp:security
|
High.
Released.
Potential data breach.
|
|
gptkbp:security_advisory_link
|
https://struts.apache.org/docs/s2-052.html.
|
|
gptkbp:security_impact_description
|
Risk of unauthorized access.
|
|
gptkbp:source
|
CVE database.
|
|
gptkbp:status
|
Resolved.
|
|
gptkbp:vulnerability_class
|
Injection.
|
|
gptkbp:vulnerability_disclosure
|
Responsible disclosure.
|
|
gptkbp:vulnerability_impact
|
Severe.
|
|
gptkbp:vulnerability_reference
|
CVE-2017-12615.
|
|
gptkbp:vulnerability_status
|
Patched.
|
|
gptkbp:vulnerability_type_description
|
Allows remote code execution.
|
|
gptkbp:bfsParent
|
gptkb:Apache_Struts_2.5.20
|
|
gptkbp:bfsLayer
|
8
|