VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2012 · Updated Jun 16, 2026

CVE-2011-5057

Description

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."

Affected products

2
  • Apache/Struts (2 versions)
    • cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* (range: >=2.0.0,<2.3.3)
    • (no CPE) (range: <=2.3.1.2, 2.3.19-2.3.23)
