ActionServlet.java in Apache Struts 1 1.x up to and including 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote malicious users to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle banking platform 2.4.1 |
||
oracle banking platform 2.5.0 |
||
oracle portal 11.1.1.6 |
||
oracle banking platform 2.3.0 |
||
oracle banking platform 2.4.0 |
||
apache struts 1.0 |
||
apache struts 1.1 |
||
apache struts 1.2.3 |
||
apache struts 1.2.4 |
||
apache struts 1.2.5 |
||
apache struts 1.3.7 |
||
apache struts 1.3.8 |
||
apache struts 1.0.2 |
||
apache struts 1.2.1 |
||
apache struts 1.2.2 |
||
apache struts 1.3.5 |
||
apache struts 1.3.6 |
||
apache struts 1.2.6 |
||
apache struts 1.2.7 |
||
apache struts 1.3.9 |
||
apache struts 1.3.10 |
||
apache struts 1.0.1 |
||
apache struts 1.2.0 |
||
apache struts 1.2.8 |
||
apache struts 1.2.9 |