
2549 matches found

RedHat Linux
added 2006/05/03 3:48 p.m. · 55 views

Moderate: Red Hat Security Advisory: struts security update for Red Hat Application Server

An updated Struts package that fixes several security issues is now available for Red Hat Application Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Struts is a framework for building web applications with Java. A validation bug was...

CVSS 7.8 · AI score 6.5 · EPSS 0.54635
Exploits: 1 · References: 2
Japan Vulnerability Notes
added 2006/04/26 12:0 a.m. · 38 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

CVSS 7.5 · AI score 7.4 · EPSS 0.05819
Exploits: 0
securityvulns
added 2006/04/04 12:0 a.m. · 35 views

Multiple Apache Struts application server security vulnerabilities

Protection bypass, cross-site scripting, DoS...

AI score 1.9
Exploits: 0 · References: 1 · Affected Software: 1
securityvulns
added 2006/04/04 12:0 a.m. · 25 views

[SA19493] Struts Multiple Vulnerabilities

TITLE: Struts Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19493 VERIFY ADVISORY: http://secunia.com/advisories/19493/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, DoS WHERE: From remote SOFTWARE: Apache Struts 1.2.x http://secunia.com/product/6179/ DESCRIPTION:...

AI score 0.6
Exploits: 0
UbuntuCve
added 2006/03/30 10:2 p.m. · 40 views

CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...

CVSS 7.8 · AI score 7.2 · EPSS 0.54635
Exploits: 1 · References: 2
UbuntuCve
added 2006/03/30 10:2 p.m. · 37 views

CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...

CVSS 7.5 · AI score 7.2 · EPSS 0.05819
Exploits: 0 · References: 1
Prion
added 2006/03/30 10:2 p.m. · 25 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...

CVSS 4.3 · AI score 7.6 · EPSS 0.05047
Exploits: 0 · References: 10 · Affected Software: 1
Prion
added 2006/03/30 10:2 p.m. · 20 views

Input validation

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...

CVSS 7.5 · AI score 9.2 · EPSS 0.05819
Exploits: 0 · References: 11 · Affected Software: 1
Prion
added 2006/03/30 10:2 p.m. · 32 views

Information disclosure

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...

CVSS 7.8 · AI score 8.8 · EPSS 0.54635
Exploits: 1 · References: 9 · Affected Software: 1
ATTACKERKB
added 2006/03/30 10:2 p.m. · 136 views

CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...

CVSS 7.8 · AI score 7.2 · EPSS 0.54635
In wild · Exploits: 1 · References: 10
NVD
added 2006/03/30 10:2 p.m. · 25 views

CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...

CVSS 7.8 · AI score 9 · EPSS 0.54635
Exploits: 1 · References: 10
NVD
added 2006/03/30 10:2 p.m. · 29 views

CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...

CVSS 7.5 · AI score 9.3 · EPSS 0.05819
Exploits: 0 · References: 11
CVE
added 2006/03/30 10:0 p.m. · 93 views

CVE-2006-1548

CVE-2006-1548 is an XSS vulnerability in Apache Struts prior to 1.2.9. The flaw allows remote attackers to inject arbitrary script/HTML via the request parameter name in LookupDispatchAction, and possibly DispatchAction and ActionDispatcher, with the error message not filtering the input. Connect...

CVSS 4.3 · AI score 5.6 · EPSS 0.05047
Exploits: 0 · References: 10 · Affected Software: 1
CVE
added 2006/03/30 10:0 p.m. · 140 views

CVE-2006-1546

CVE-2006-1546 : Apache Struts 1.x before 1.2.9 is vulnerable to bypassing validation via a request param org.apache.struts.taglib.html.Constants.CANCEL, causing the action to be canceled but may not be detected by applications that skip isCancelled(). Affects Struts 1.x components and can lead to...

CVSS 7.5 · AI score 6.3 · EPSS 0.05819
Exploits: 0 · References: 11 · Affected Software: 1
CVE
added 2006/03/30 10:0 p.m. · 1099 views

CVE-2006-1547

CVE-2006-1547 affects Apache Struts 1.x before 1.2.9 when used with BeanUtils 1.7. The vulnerability arises from ActionForm handling a multipart/form-data form where a parameter name references getMultipartRequestHandler, granting access to elements in CommonsMultipartRequestHandler and BeanUtils...

CVSS 7.8 · AI score 7.2 · EPSS 0.54635
In wild · Exploits: 1 · References: 10 · Affected Software: 1
Cvelist
added 2006/03/30 10:0 p.m. · 27 views

CVE-2006-1548

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...

AI score 7.9 · EPSS 0.05047
Exploits: 0 · References: 10
Cvelist
added 2006/03/30 10:0 p.m. · 32 views

CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...

AI score 8.9 · EPSS 0.54635
Exploits: 1 · References: 9
Cvelist
added 2006/03/30 10:0 p.m. · 27 views

CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...

AI score 9.3 · EPSS 0.05819
Exploits: 0 · References: 11
Positive Technologies
added 2006/03/30 12:0 a.m. · 1 views

PT-2006-2547 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Software Foundation (ASF) Struts versions prior to 1.2.9 Description: The issue allows remote attackers to bypass validation by sending a request with a parameter org.apache.struts.taglib.html.Constants.CANCEL, causing the action to be...

CVSS 7.5 · AI score 7.9 · EPSS 0.05819
Exploits: 0 · References: 19
RedHat Linux
added 2006/03/07 8:30 p.m. · 2 views

security flaw

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVSS 4.3 · AI score 7.5 · EPSS 0.25707
Exploits: 1 · References: 4