Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown
CVE-2016-1182
Disclosure Date: July 04, 2016 (last updated November 25, 2024)
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
0
Attacker Value
Unknown
CVE-2016-1181
Disclosure Date: July 04, 2016 (last updated November 25, 2024)
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
0
Attacker Value
Unknown
CVE-2015-0899
Disclosure Date: July 04, 2016 (last updated November 25, 2024)
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
0