Published: 04/07/2016 Updated: 01/07/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The MultiPageValidator implementation in Apache Struts 1 1.1 up to and including 1.3.10 allows remote malicious users to bypass intended access restrictions via a modified page parameter.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheStruts1.0, 1.0.2, 1.1, 1.2.2, 1.2.4, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.3.5, 1.3.8, 1.3.10

Vendor Advisories

The MultiPageValidator implementation in Apache Struts 1 11 through 1310 allows remote attackers to bypass intended access restrictions via a modified page parameter ...
The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server ...
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...
Multiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance ...

Github Repositories

struts-mini Security patch for struts 138 Struts 1 already stop official supporting for many years In these years, a few critical security vulnerabilities were found in struts 1 This project is a security patch for struts 138, below security vulnerabilities are solved: CVE-2016-1182 ActionServletjava in Apache Struts 1 1x through 1310 does not properly restrict the Va

CVE-2014-0114 - Sårbarhet i Struts 1 Parametrar i en POST- eller GET-request hanteras som egenskaper (properties) som ska sättas med formuläret som utgångspunkt Parametrar kan vara en sökväg till ett nästlat objekt Apache Struts 1x kan manipuleras att anropa getClass() på Form Beans Tex kan man direkt manipulera attribut på