Vulnerabilities > CVE-2019-0233 - Improper Preservation of Permissions vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

apache

oracle

CWE-281

NVD

Published: 2020-09-14

Updated: 2022-04-18

Summary

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Struts 2.0.0 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.1.7 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.0 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.20.3 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.23 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.3.34 Apache Struts 2.5 Apache Struts 2.5.0 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.10.1 Apache Struts 2.5.11 Apache Struts 2.5.12 Apache Struts 2.5.13 Apache Struts 2.5.14 Apache Struts 2.5.14.1 Apache Struts 2.5.15 Apache Struts 2.5.16 Apache Struts 2.5.17 Apache Struts 2.5.18 Apache Struts 2.5.19 Apache Struts 2.5.20	110
Application	Oracle Oracle Communications Policy Management 12.5.0 Oracle Financial Services Data Integration HUB 8.0.3 Oracle Financial Services Data Integration HUB 8.0.6 Oracle Financial Services Market Risk Measurement AND Management 8.0.6 Oracle Mysql Enterprise Monitor - Oracle Mysql Enterprise Monitor 2.3.14 Oracle Mysql Enterprise Monitor 3.0.4 Oracle Mysql Enterprise Monitor 3.0.25 Oracle Mysql Enterprise Monitor 3.1.0 Oracle Mysql Enterprise Monitor 3.1.1 Oracle Mysql Enterprise Monitor 3.1.2 Oracle Mysql Enterprise Monitor 3.1.3 Oracle Mysql Enterprise Monitor 3.1.3.7856 Oracle Mysql Enterprise Monitor 3.1.4 Oracle Mysql Enterprise Monitor 3.1.5 Oracle Mysql Enterprise Monitor 3.1.6 Oracle Mysql Enterprise Monitor 3.1.6.8003 Oracle Mysql Enterprise Monitor 3.1.7 Oracle Mysql Enterprise Monitor 3.2.0 Oracle Mysql Enterprise Monitor 3.2.1 Oracle Mysql Enterprise Monitor 3.2.2 Oracle Mysql Enterprise Monitor 3.2.3 Oracle Mysql Enterprise Monitor 3.2.4 Oracle Mysql Enterprise Monitor 3.2.5 Oracle Mysql Enterprise Monitor 3.2.6 Oracle Mysql Enterprise Monitor 3.2.7 Oracle Mysql Enterprise Monitor 3.2.8 Oracle Mysql Enterprise Monitor 3.2.8.2223 Oracle Mysql Enterprise Monitor 3.2.9 Oracle Mysql Enterprise Monitor 3.2.10 Oracle Mysql Enterprise Monitor 3.2.1182 Oracle Mysql Enterprise Monitor 3.3.0 Oracle Mysql Enterprise Monitor 3.3.1 Oracle Mysql Enterprise Monitor 3.3.2 Oracle Mysql Enterprise Monitor 3.3.2.1162 Oracle Mysql Enterprise Monitor 3.3.3 Oracle Mysql Enterprise Monitor 3.3.4 Oracle Mysql Enterprise Monitor 3.3.4.3247 Oracle Mysql Enterprise Monitor 3.3.5 Oracle Mysql Enterprise Monitor 3.3.6 Oracle Mysql Enterprise Monitor 3.3.7 Oracle Mysql Enterprise Monitor 3.3.8 Oracle Mysql Enterprise Monitor 3.3.9 Oracle Mysql Enterprise Monitor 3.4.0 Oracle Mysql Enterprise Monitor 3.4.1 Oracle Mysql Enterprise Monitor 3.4.2 Oracle Mysql Enterprise Monitor 3.4.2.4181 Oracle Mysql Enterprise Monitor 3.4.3 Oracle Mysql Enterprise Monitor 3.4.4 Oracle Mysql Enterprise Monitor 3.4.5 Oracle Mysql Enterprise Monitor 3.4.6 Oracle Mysql Enterprise Monitor 3.4.7 Oracle Mysql Enterprise Monitor 3.4.7.4297 Oracle Mysql Enterprise Monitor 3.4.8 Oracle Mysql Enterprise Monitor 3.4.9 Oracle Mysql Enterprise Monitor 3.4.9.4237 Oracle Mysql Enterprise Monitor 3.4.10 Oracle Mysql Enterprise Monitor 4.0.0 Oracle Mysql Enterprise Monitor 4.0.1 Oracle Mysql Enterprise Monitor 4.0.2 Oracle Mysql Enterprise Monitor 4.0.3 Oracle Mysql Enterprise Monitor 4.0.4 Oracle Mysql Enterprise Monitor 4.0.4.5235 Oracle Mysql Enterprise Monitor 4.0.5 Oracle Mysql Enterprise Monitor 4.0.6 Oracle Mysql Enterprise Monitor 4.0.6.5281 Oracle Mysql Enterprise Monitor 4.0.7 Oracle Mysql Enterprise Monitor 4.0.8 Oracle Mysql Enterprise Monitor 4.0.12 Oracle Mysql Enterprise Monitor 4.1 Oracle Mysql Enterprise Monitor 8.0.0 Oracle Mysql Enterprise Monitor 8.0.0.8131 Oracle Mysql Enterprise Monitor 8.0.1 Oracle Mysql Enterprise Monitor 8.0.2 Oracle Mysql Enterprise Monitor 8.0.2.8191 Oracle Mysql Enterprise Monitor 8.0.3 Oracle Mysql Enterprise Monitor 8.0.14 Oracle Mysql Enterprise Monitor 8.0.20 Oracle Mysql Enterprise Monitor 8.0.21 Oracle Mysql Enterprise Monitor 8.0.22 Oracle Mysql Enterprise Monitor 8.0.23	81

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References