Default Exclude Patterns Vulnerability in Apache Struts 2.3.20

Default Exclude Patterns Vulnerability in Apache Struts 2.3.20

CVE-2015-1831 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

Learn more about our Cis Benchmark Audit For Apache Http Server.