Information disclosure in Apache Struts

CVE-2011-2088

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexis…

Vulnerability class: Information Disclosure

EPSS: 0.008 (74.8th percentile)

Frequently asked questions

What is CVE-2011-2088?
CVE-2011-2088 is a vulnerability in Apache Struts, classified under Information Disclosure. Published 2011-05-13.

Is CVE-2011-2088 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.