ActionServlet.java in Apache Struts 1 1.x up to and including 1.3.10 does not properly restrict the Validator configuration, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts 1.0 |
||
apache struts 1.1 |
||
apache struts 1.2.5 |
||
apache struts 1.2.6 |
||
apache struts 1.3.9 |
||
apache struts 1.3.10 |
||
apache struts 1.0.2 |
||
apache struts 1.2.1 |
||
apache struts 1.2.2 |
||
apache struts 1.2.9 |
||
apache struts 1.3.5 |
||
apache struts 1.2.3 |
||
apache struts 1.2.4 |
||
apache struts 1.3.7 |
||
apache struts 1.3.8 |
||
apache struts 1.3.6 |
||
apache struts 1.0.1 |
||
apache struts 1.2.0 |
||
apache struts 1.2.7 |
||
apache struts 1.2.8 |