Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1007

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1007
Last Modified 13 Feb 2012 11:11:13
Published 06 Feb 2012 11:09:20
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1007

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

Vulnerable Systems

Application

  • Apache Struts 1.3.10


References

MISC - http://secpod.org/blog/?p=450

MISC - http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt

XF - apache-struts-name-xss(73052)


Last Updated: 27 May 2016 10:57:24