Search Results

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Vendor: cpe:/:apache
  • CPE Product: cpe:/:apache:struts
  • CPE Product Version: cpe:/:apache:struts:1.0.7
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Published: March 30, 2006; 5:02:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Published: March 30, 2006; 5:02:00 PM -0500
V3.x: (not available)
V2.0: 7.8 HIGH
CVE-2006-1548

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Published: March 30, 2006; 5:02:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM