Vulnerabilities > Apache > Struts > 2.3.16.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-08 | CVE-2014-0116 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. | 5.8 |