Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass

2006-01-21T10:17:36
ID OSVDB:24363
Type osvdb
Reporter OSVDB
Modified 2006-01-21T10:17:36

Description

Solution Description

Upgrade to version 1.2.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://struts.apache.org/
Vendor Specific News/Changelog Entry: http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
Vendor Specific News/Changelog Entry: http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
Security Tracker: 1015856
Secunia Advisory ID: 20117
Secunia Advisory ID: 19493
Related OSVDB ID: 24365
Related OSVDB ID: 24364
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
Mail List Post: http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e
CVE-2006-1546
Bugtraq ID: 17342