Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-1548
Last Modified: 07 Mar 2011 09:33:17
Published: 30 Mar 2006 05:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-1548

Summary

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Vulnerable Systems

Application

  • Apache Struts 1.2.8


References

CONFIRM - https://issues.apache.org/struts/browse/STR-2781

VUPEN - ADV-2006-1205

CONFIRM - http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=38749

XF - struts-lookupmap-xss(25614)

BID - 17342

SECTRACK - 1015856

SECUNIA - 20117

SECUNIA - 19493

SUSE - SUSE-SR:2006:010


Last Updated: 27 May 2016 10:42:06