Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2009-1275
Last Modified 29 Apr 2009 01:29:29
Published 09 Apr 2009 11:08:35
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1275

Summary

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

Vulnerable Systems

Application

  • Apache Tiles 2.1.0

  • Apache Tiles 2.1.1


References

CONFIRM - https://issues.apache.org/struts/browse/TILES-351

BID - 34657

CONFIRM - http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913


Last Updated: 27 May 2016 10:50:30