Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-6682
Last Modified 28 Apr 2009 01:37:05
Published 09 Apr 2009 11:08:35
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6682

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

Vulnerable Systems

Application

  • Apache Struts 2.0.11

  • Apache Struts 2.0.6

  • Apache Struts 2.0.8

  • Apache Struts 2.0.9

  • Apache Struts 2.1


References

CONFIRM - http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html

CONFIRM - http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html

CONFIRM - https://issues.apache.org/struts/browse/WW-2427

CONFIRM - https://issues.apache.org/struts/browse/WW-2414

BID - 34686


Last Updated: 27 May 2016 10:49:17