Home

CVE-2016-1182

Description

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

Risk Information

Base Score
8.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score
Exploitation Probability
1.392

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.10Windows
Vulnerabilities CVE-2016-5387,CVE-2016-3092,CVE-2016-1182,CVE-2016-1181 are fixed in IBM WebSphere 9.0.0.1Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.2Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.3Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.4Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Windows
Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.2Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Vulnerabilities CVE-2016-1181,CVE-2016-1182,CVE-2023-34396 are affected in Apache - Struts 1.2.9Windows
Vulnerabilities CVE-2012-1007,CVE-2016-1181,CVE-2016-1182,CVE-2023-34396 are affected in Apache - struts-core 1.3.10Windows
Vulnerabilities CVE-2016-1181,CVE-2016-1182,CVE-2023-34396 are affected in Apache - Struts for Linux 1.2.9Linux
Vulnerabilities CVE-2012-1007,CVE-2016-1181,CVE-2016-1182,CVE-2023-34396 are affected in Apache - struts-core for Linux 1.3.10Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234