5 matches found
K04403302: Apache Struts 1 vulnerability CVE-2016-1182
Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
CVE-2016-1181
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue to CVE-2015-0899...
CVE-2016-1182
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
CVE-2016-1182
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
CVE-2016-1181
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue to CVE-2015-0899...