Struts Security Vulnerabilities and Issues — Struts CVE List

Lucene search

ApacheStruts

3 matches found

CVE•added 2006/03/30 10:2 p.m.•1047 views

CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elem...

7.8CVSS7.2AI score0.1367EPSS

CVE•added 2006/03/30 10:2 p.m.•114 views

CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...

7.5CVSS6.3AI score0.01612EPSS

CVE•added 2006/03/30 10:2 p.m.•78 views

CVE-2006-1548

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the r...

4.3CVSS5.6AI score0.08769EPSS