CNNVD-202601-1787 Information
CNNVD ID
CNNVD-202601-1787
Related CVE
-
CNNVD Published: 2026-01-11
Description
Apache Struts is an open-source project of the Apache Foundation (United States): an open-source MVC framework for building enterprise-level Java web applications, offered as two framework products, Struts 1 and Struts 2. Apache Struts versions 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, and 6.0.0 through 6.1.0 contain a security vulnerability caused by missing XML validation, which leaves them open to XML external entity (XXE) injection attacks.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Apache
Published
2026-01-11
Last Modified
2026-02-24
References
http://www.openwall.com/lists/oss-security/2026/01/11/2
https://cwiki.apache.org/confluence/display/WW/S2-069
https://access.redhat.com/security/cve/cve-2025-68493
Patch
https://struts.apache.org/download.cgi