2014-12-10 15:00:00
redhat
PUBLISHED
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism.