Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3745

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3745
Last Modified 07 Mar 2011 09:27:04
Published 22 Nov 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3745

Summary

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Vulnerable Systems

Application

  • Apache Struts 1.2.7


References

BID - 15512

BUGTRAQ - 20051121 Security Advisory: Struts Error Message Cross Site Scripting

MISC - http://www.hacktics.com/AdvStrutsNov05.html

VUPEN - ADV-2005-2525

REDHAT - RHSA-2006:0161

REDHAT - RHSA-2006:0157

OSVDB - 21021

SECTRACK - 1015257

SREASON - 197

SECUNIA - 18341

SECUNIA - 17677


Last Updated: 27 May 2016 10:41:02