Lucene search

[email protected]CVE-2012-1006

HistoryFeb 07, 2012 - 4:09 a.m.

CVE-2012-1006

2012-02-0704:09:20

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-1006

xss

apache struts

remote code execution

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.614 Medium

EPSS

Percentile

97.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Affected configurations

NVD

Node

apachestrutsMatch2.0.14

apachestrutsMatch2.2.3

CPENameOperatorVersion
apache:strutsapache strutseq2.0.14
apache:strutsapache strutseq2.2.3

CPE	Name	Operator	Version
apache:struts	apache struts	eq	2.0.14
apache:struts	apache struts	eq	2.2.3

References

secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt

secpod.org/blog/?p=450

www.securityfocus.com/bid/51902

exchange.xforce.ibmcloud.com/vulnerabilities/72888

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.614 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2012-1006

nessus2 prion1 nvd1 seebug1 ubuntucve1 openvas2 github1 osv1 cvelist1 ibm2