8.2
CVE-2016-1182
- EPSS 25.74%
- Veröffentlicht 04.07.2016 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.74% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://www.securityfocus.com/bid/91787
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.securitytracker.com/id/1036056
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
http://jvn.jp/en/jp/JVN65044642/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097
http://www.securityfocus.com/bid/91067
https://bugzilla.redhat.com/show_bug.cgi?id=1343540
https://security-tracker.debian.org/tracker/CVE-2016-1182