8.1

CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleBanking Platform Version2.3.0
OracleBanking Platform Version2.4.0
OracleBanking Platform Version2.4.1
OracleBanking Platform Version2.5.0
OraclePortal Version11.1.1.6
ApacheStruts Version1.0
ApacheStruts Version1.0 Updatebeta1
ApacheStruts Version1.0 Updatebeta2
ApacheStruts Version1.0 Updatebeta3
ApacheStruts Version1.0.1
ApacheStruts Version1.0.2
ApacheStruts Version1.1
ApacheStruts Version1.1 Updateb1
ApacheStruts Version1.1 Updateb2
ApacheStruts Version1.1 Updateb3
ApacheStruts Version1.1 Updaterc1
ApacheStruts Version1.1 Updaterc2
ApacheStruts Version1.2.0
ApacheStruts Version1.2.1
ApacheStruts Version1.2.2
ApacheStruts Version1.2.3
ApacheStruts Version1.2.4
ApacheStruts Version1.2.5
ApacheStruts Version1.2.6
ApacheStruts Version1.2.7
ApacheStruts Version1.2.8
ApacheStruts Version1.2.9
ApacheStruts Version1.3.5
ApacheStruts Version1.3.6
ApacheStruts Version1.3.7
ApacheStruts Version1.3.8
ApacheStruts Version1.3.9
ApacheStruts Version1.3.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.12% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://security.netapp.com/advisory/ntap-20180629-0006/
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
https://www.oracle.com/security-alerts/cpujul2020.html
http://jvn.jp/en/jp/JVN03188560/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096
Third Party Advisory
Vendor Advisory
VDB Entry
http://www.securityfocus.com/bid/91068
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036056
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
Issue Tracking
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
Patch
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2016-1181
Third Party Advisory