CVSS2 score: 7.8 High
CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

EPSS: 0.015 Low (percentile 85.7%)

Struts is a framework for building web applications with Java.

A validation bug was found in the way Struts handles org.apache.struts.taglib.html.Constants.CANCEL requests. If it is possible for a remote attacker to inject a CANCEL request during a validation operation, it may be possible for the attacker to acquire credentials without the proper authentication information. (CVE-2006-1546)

A denial of service bug was found in the way Struts handles multipart/form-data encoded form data. If it is possible for a remote attacker to reference the public getMultipartRequestHandler method, the attacker can prevent the Struts application from functioning properly. (CVE-2006-1547)

A cross-site scripting bug was found in the way Struts displays certain error messages via its LookupDispatchAction, DispatchAction, and ActionDispatcher handlers. It may be possible for an attacker to construct a specially crafted URL that could fool a victim into believing they are viewing a trusted site. (CVE-2006-1548)

All users of Struts should upgrade to this updated package containing Struts version 1.2.9, which is not vulnerable to these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | noarch | struts | < 1.2.9-0jpp_2rh | struts-1.2.9-0jpp_2rh.noarch.rpm |
RedHat | any | noarch | struts-webapps-tomcat5 | < 1.2.9-0jpp_2rh | struts-webapps-tomcat5-1.2.9-0jpp_2rh.noarch.rpm |
RedHat | any | noarch | struts-javadoc | < 1.2.9-0jpp_2rh | struts-javadoc-1.2.9-0jpp_2rh.noarch.rpm |
RedHat | any | noarch | struts-javadoc | < 1.2.9-0jpp_1rh | struts-javadoc-1.2.9-0jpp_1rh.noarch.rpm |
RedHat | any | noarch | struts | < 1.2.9-0jpp_1rh | struts-1.2.9-0jpp_1rh.noarch.rpm |
RedHat | any | noarch | struts-manual | < 1.2.9-0jpp_1rh | struts-manual-1.2.9-0jpp_1rh.noarch.rpm |
RedHat | any | noarch | struts-webapps-tomcat5 | < 1.2.9-0jpp_1rh | struts-webapps-tomcat5-1.2.9-0jpp_1rh.noarch.rpm |
RedHat | any | noarch | struts-manual | < 1.2.9-0jpp_2rh | struts-manual-1.2.9-0jpp_2rh.noarch.rpm |
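
The following check is an added example, not part of the original advisory: it compares installed package versions against a fixed build from the table using a simplified form of RPM's segment ordering. The function names and the sample inventory are assumptions, epochs and tilde/caret ordering are not handled, and because the table lists two fixed builds (`0jpp_1rh` and `0jpp_2rh`) without saying which product each belongs to, the fixed build is passed in as a parameter.

```python
import re

# Package names taken from the advisory's table.
ADVISORY_PACKAGES = ("struts", "struts-webapps-tomcat5",
                     "struts-javadoc", "struts-manual")

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_segment_cmp(a, b):
    """Order two version (or release) strings by RPM-style segments.

    Simplified: separators are ignored, numeric segments compare as
    integers, a numeric segment is newer than an alphabetic one, and
    the string with extra trailing segments is newer.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(a, b):
    """Compare 'version-release' strings (epoch assumed absent)."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpm_segment_cmp(va, vb) or rpm_segment_cmp(ra, rb)


def needs_update(installed, fixed_vr):
    """Return advisory packages in `installed` that are older than fixed_vr."""
    return sorted(pkg for pkg, vr in installed.items()
                  if pkg in ADVISORY_PACKAGES and vr_cmp(vr, fixed_vr) < 0)


if __name__ == "__main__":
    # Constructed inventory; on a host it could be gathered with
    #   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' struts struts-manual
    installed = {"struts": "1.2.4-2jpp_1rh",
                 "struts-manual": "1.2.9-0jpp_2rh"}
    print(needs_update(installed, "1.2.9-0jpp_2rh"))
```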