9 matches found

IBM Security Bulletins
added 2018/06/18 1:32 a.m. | 32 views

Security Bulletin: OPEN Source Apache Struts Vulnerabilities IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)

Summary Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

0.2 AI score | 0.11562 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/18 1:32 a.m. | 34 views

Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6, 7 that is used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC. These issues were disclosed in the Oracle April 2016 Critic...

9.3 CVSS | 0.11562 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 10:47 p.m. | 26 views

Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-4003)

Summary An Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18. An upgrade to Apache Struts version 2.3.28.1 was performed. Vulnerability Details CVE-ID: CVE-2016-4003 Description: Apache Struts is vulnerable to cross-site scripting, caused by improper validation of...

6.1 CVSS | 6.7 AI score | 0.11562 EPSS
Exploits: 0 | Affected Software: 1
Prion
added 2017/10/31 2:29 p.m. | 20 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4003. Reason: This candidate is a reservation duplicate of CVE-2016-4003. Notes: All CVE users should reference CVE-2016-4003 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.2 AI score | 0.11562 EPSS
Exploits: 0
F5 Networks
added 2016/04/25 12:00 a.m. | 249 views

SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10 CVSS | 2.9 AI score | 0.9373 EPSS
Exploits: 12 | References: 4
NVD
added 2016/04/12 4:59 p.m. | 21 views

CVE-2016-4003

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

6.1 CVSS | 6.6 AI score | 0.11562 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2016/04/12 4:59 p.m. | 31 views

CVE-2016-4003

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

6.1 CVSS | 6.8 AI score | 0.11562 EPSS
Exploits: 0 | References: 4
CVE
added 2016/04/12 4:00 p.m. | 97 views

CVE-2016-4003

CVE-2016-4003 is a cross-site scripting (XSS) vulnerability in the URLDecoder component used by Apache Struts 2.x (pre-2.3.28) when a single-byte page encoding is assumed. An attacker can craft a URL-encoded parameter containing multi-byte characters to inject script/HTML in victims’ browsers. Th...

6.1 CVSS | 5.9 AI score | 0.11562 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2016/04/12 4:00 p.m. | 29 views

CVE-2016-4003

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

6.1 AI score | 0.11562 EPSS
Exploits: 0 | References: 4