Lucene search

K
cve[email protected]CVE-2006-1546
HistoryMar 30, 2006 - 10:02 p.m.

CVE-2006-1546

2006-03-3022:02:00
NVD-CWE-Other
web.nvd.nist.gov
56
cve
apache software foundation
struts
validation bypass
nvd

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a ‘org.apache.struts.taglib.html.Constants.CANCEL’ parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

CPENameOperatorVersion
apache:strutsapache strutsle1.2.8

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

Related for CVE-2006-1546