CVE-2008-6505

Publication date 23 March 2009

Last updated 17 July 2025


Ubuntu priority

Description

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
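A log check for the pattern described above, as an added example that is not part of this tracker entry or of Struts itself. It generalizes from `..%252f` to any depth of percent-encoding; the function names, the decoding cap and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: upper bound on nested percent-encoding layers
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_layers(path, max_rounds=MAX_ROUNDS):
    """Return each form of the path seen while percent-decoding until stable."""
    layers = [path]
    for _ in range(max_rounds):
        decoded = unquote(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers

def has_dotdot_segment(path):
    """True if any path segment is exactly '..' (either slash style)."""
    return any(seg == ".." for seg in re.split(r"[/\\]", path))

def is_struts_traversal(raw_path):
    """Flag a /struts/ request whose path yields a '..' segment at any layer."""
    layers = decode_layers(raw_path.split("?", 1)[0])
    if "/struts/" not in layers[-1]:
        return False
    return any(has_dotdot_segment(layer) for layer in layers)

def flag_requests(log_lines):
    """Return request paths from access-log lines that match the pattern."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_struts_traversal(match.group(1)):
            flagged.append(match.group(1))
    return flagged

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:00:00:01 +0000] "GET /struts/sample.css HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2009:00:00:02 +0000] "GET /struts/..%252f..%252fplaceholder.txt HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2009:00:00:03 +0000] "GET /docs/a%252fb.html HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Jan/2009:00:00:04 +0000] "GET /struts/..%2fplaceholder.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for path in flag_requests(SAMPLE_LOG):
        print("suspicious:", path)
```

A path filter that decodes only once sees `..%2f` rather than `../` in the double-encoded request, which is why the check inspects every decoding layer.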


Status

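| Package | Ubuntu Release | Status |
|---|---|---|
| libstruts1.2-java | 8.10 intrepid | Ignored |
| libstruts1.2-java | 8.04 LTS hardy | Ignored |
| libstruts1.2-java | 7.10 gutsy | Ignored |
| libstruts1.2-java | 6.06 LTS dapper | Ignored |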

Notes


kees

does not seem to apply to 1.2.x series

