CVE-2019-0233 - OpenCVE

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Mysql Enterprise Monitor Communications Policy Management Financial Services Market Risk Measurement And Management Financial Services Data Integration Hub
Apache	Struts

Configuration 1 [-]

cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:oracle:communications_policy_management:12.5.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::

References

Link	Resource
https://cwiki.apache.org/confluence/display/ww/s2-060	Vendor Advisory
https://launchpad.support.sap.com/#/notes/2982840	Permissions Required Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2020-09-14T16:50:11

Updated: 2021-10-20T10:38:16

Reserved: 2018-11-14T00:00:00

Link: CVE-2019-0233

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-14T17:15:09.980

Modified: 2022-04-18T15:23:16.367

Link: CVE-2019-0233

JSON object: View

Redhat Information

No data.

CWE

CWE-281

{"containers": {"cna": {"affected": [{"product": "Apache Struts", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Struts 2.0.0 to 2.5.20"}]}], "descriptions": [{"lang": "en", "value": "An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-20T10:38:16", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwiki.apache.org/confluence/display/ww/s2-060"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2982840"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-0233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Struts", "version": {"version_data": [{"version_value": "Apache Struts 2.0.0 to 2.5.20"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://cwiki.apache.org/confluence/display/ww/s2-060", "refsource": "MISC", "url": "https://cwiki.apache.org/confluence/display/ww/s2-060"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://launchpad.support.sap.com/#/notes/2982840", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2982840"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-0233", "datePublished": "2020-09-14T16:50:11", "dateReserved": "2018-11-14T00:00:00", "dateUpdated": "2021-10-20T10:38:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "matchCriteriaId": "A38218D5-0245-4ECE-8215-DEFEAB975689", "versionEndIncluding": "2.5.20", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "25B0D39E-A630-4C85-AF90-396FB3E0FE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "987A0C35-4C7F-4FFB-B47B-37B69A32F879", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "F48F2267-61EA-4F12-ADE9-85CB6F6B290E", "versionEndIncluding": "8.0.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload."}, {"lang": "es", "value": "Una anulaci\u00f3n del permiso de acceso en Apache Struts versiones 2.0.0 hasta 2.5.20, puede causar una Denegaci\u00f3n de Servicio al llevar a cabo una carga de archivo"}], "id": "CVE-2019-0233", "lastModified": "2022-04-18T15:23:16.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-14T17:15:09.980", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://cwiki.apache.org/confluence/display/ww/s2-060"}, {"source": "security@apache.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2982840"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}