CVE-2006-1546
Description
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with an org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled; the cancellation is not detected by applications that do not use the isCancelled check.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
1.612
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2006-1546, CVE-2006-1548, CVE-2006-1547 are fixed in Apache - Struts 1.2.9 | Windows |
| Vulnerabilities CVE-2006-1546, CVE-2006-1548, CVE-2006-1547 are fixed in Apache - Struts for Linux 1.2.9 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234