4.3

CVE-2005-3745

Exploit
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheStruts Version1.2.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.71% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.redhat.com/support/errata/RHSA-2006-0161.html
http://secunia.com/advisories/17677
http://secunia.com/advisories/18341
http://securityreason.com/securityalert/197
http://securitytracker.com/id?1015257
http://www.hacktics.com/AdvStrutsNov05.html
Patch
Vendor Advisory
Exploit
http://www.osvdb.org/21021
http://www.redhat.com/support/errata/RHSA-2006-0157.html
http://www.securityfocus.com/archive/1/417296/30/0/threaded
http://www.securityfocus.com/bid/15512
Patch
Exploit
http://www.vupen.com/english/advisories/2005/2525
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E