Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. (CVE-2015-5169)
When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the ‘Problem Report’ screen. Affected versions are Struts 2.0.0 - 2.3.16.3.
Impact
There is no impact; F5 products are not affected by this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 12.0.0 | |
big-ip analytics | eq | 11.0.0 |