8.2

CVE-2016-1182

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheStruts Version1.0
ApacheStruts Version1.0 Updatebeta1
ApacheStruts Version1.0 Updatebeta2
ApacheStruts Version1.0 Updatebeta3
ApacheStruts Version1.0.1
ApacheStruts Version1.0.2
ApacheStruts Version1.1
ApacheStruts Version1.1 Updateb1
ApacheStruts Version1.1 Updateb2
ApacheStruts Version1.1 Updateb3
ApacheStruts Version1.1 Updaterc1
ApacheStruts Version1.1 Updaterc2
ApacheStruts Version1.2.0
ApacheStruts Version1.2.1
ApacheStruts Version1.2.2
ApacheStruts Version1.2.3
ApacheStruts Version1.2.4
ApacheStruts Version1.2.5
ApacheStruts Version1.2.6
ApacheStruts Version1.2.7
ApacheStruts Version1.2.8
ApacheStruts Version1.2.9
ApacheStruts Version1.3.5
ApacheStruts Version1.3.6
ApacheStruts Version1.3.7
ApacheStruts Version1.3.8
ApacheStruts Version1.3.9
ApacheStruts Version1.3.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.74% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://security.netapp.com/advisory/ntap-20180629-0006/
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.securitytracker.com/id/1036056
Third Party Advisory
VDB Entry
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
Patch
Issue Tracking
http://jvn.jp/en/jp/JVN65044642/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097
Third Party Advisory
Vendor Advisory
VDB Entry
http://www.securityfocus.com/bid/91067
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343540
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2016-1182
Third Party Advisory