Detections
Analytics

CVE-2016-1182

high

Description

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

References

https://security.netapp.com/advisory/ntap-20180629-0006/

https://security-tracker.debian.org/tracker/CVE-2016-1182

http://www.securitytracker.com/id/1036056

http://www.securityfocus.com/bid/91787

http://www.securityfocus.com/bid/91067

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8

https://bugzilla.redhat.com/show_bug.cgi?id=1343540

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://jvn.jp/en/jp/JVN65044642/index.html

Details

Source: Mitre, NVD

Published: 2016-07-04

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Severity: High

EPSS

EPSS: 0.03693

OSZAR »