7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation (CVE-2014-0114). Consequently, Seasar S2Struts contains the same vulnerability.
On a server where Seasar S2Struts is running, a remote attacker may obtain information or execute arbitrary code.
Update the Software
Update the software according to the information provided by the developer.
Seasar S2Struts 1.2.12 and earlier
Seasar S2Struts 1.3.1 and earlier