Apache Struts Multiple Function Error Message XSS

ID OSVDB:24365
Type osvdb
Reporter OSVDB
Modified 2006-02-22T10:17:36


Solution Description

Upgrade to version 1.2.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes



Vendor URL: http://struts.apache.org/ Vendor Specific News/Changelog Entry: http://issues.apache.org/bugzilla/show_bug.cgi?id=38749 Vendor Specific News/Changelog Entry: http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html Security Tracker: 1015856 Secunia Advisory ID:20117 Secunia Advisory ID:19493 Related OSVDB ID: 24363 Related OSVDB ID: 24364 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html CVE-2006-1548 Bugtraq ID: 17342