Candidate: CVE-2014-7809
PublicDate: 2014-12-10 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7809
 http://www.securitytracker.com/id/1031309
 http://struts.apache.org/docs/s2-023.html
 http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html
Description:
 Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values,
 which allows remote attackers to bypass the CSRF protection mechanism.
Ubuntu-Description:
Notes:
 mdeslaur> 2.0.0+
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libstruts1.2-java:
upstream_libstruts1.2-java: needs-triage
lucid_libstruts1.2-java: not-affected
precise_libstruts1.2-java: not-affected
trusty_libstruts1.2-java: not-affected
trusty/esm_libstruts1.2-java: DNE (trusty was not-affected)
utopic_libstruts1.2-java: not-affected
devel_libstruts1.2-java: DNE