CVE-2016-1181

Published: 04/07/2016 Updated: 15/07/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

ActionServlet.java in Apache Struts 1 1.x up to and including 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote malicious users to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Vulnerable Product

oracle banking platform 2.4.1

oracle banking platform 2.5.0

oracle portal 11.1.1.6

oracle banking platform 2.3.0

oracle banking platform 2.4.0

apache struts 1.0

apache struts 1.1

apache struts 1.2.3

apache struts 1.2.4

apache struts 1.2.5

apache struts 1.3.7

apache struts 1.3.8

apache struts 1.0.2

apache struts 1.2.1

apache struts 1.2.2

apache struts 1.3.5

apache struts 1.3.6

apache struts 1.2.6

apache struts 1.2.7

apache struts 1.3.9

apache struts 1.3.10

apache struts 1.0.1

apache struts 1.2.0

apache struts 1.2.8

apache struts 1.2.9

Vendor Advisories

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899 ...

Github Repositories

Security patch for struts 1.3.8

struts-mini: Security patch for struts 1.3.8. Struts 1 already stopped official support many years ago. In these years, a few critical security vulnerabilities were found in struts 1. This project is a security patch for struts 1.3.8; the security vulnerabilities below are solved: CVE-2016-1182: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Va