CVE-2015-5209

Publication date 29 August 2017

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

Read the notes from the security team

Status

Package Ubuntu Release Status
libstruts1.2-java 18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Notes

ratliff

upstream has a documented work-around

debian

Only affects versions >= 2.x

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Other references

Access our resources on patching vulnerabilities