Lucene search

K
f5F5F5:K04403302
HistoryJun 16, 2016 - 12:00 a.m.

K04403302 : Apache Struts 1 vulnerability CVE-2016-1182

2016-06-1600:00:00
my.f5.com
19

AI Score

7.9

Confidence

High

EPSS

0.949

Percentile

99.3%

Security Advisory Description

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. (CVE-2016-1182)
Impact
Cross-site scripting (XSS) or denial-of-service (DoS) attacks may be possible.