Test ID:	1.3.6.1.4.1.25623.1.0.808538
Category:	Web application abuses
Title:	Apache Struts 1.x - 1.3.10 Multiple Vulnerabilities - Windows
Summary:	Apache Struts is prone to multiple vulnerabilities.
Description:	Summary: Apache Struts is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An 'actionServlet.java' script mishandles multithreaded access to an ActionForm instance. - An 'actionServlet.java' script does not properly restrict the Validator configuration. - An error in the MultiPageValidator implementation. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service or conduct cross-site scripting or bypass intended access restrictions. Affected Software/OS: Apache Struts 1.0 through 1.3.10. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1181 BugTraq ID: 91068 http://www.securityfocus.com/bid/91068 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://bugzilla.redhat.com/show_bug.cgi?id=1343538 https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 https://security-tracker.debian.org/tracker/CVE-2016-1181 https://security.netapp.com/advisory/ntap-20180629-0006/ https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://jvn.jp/en/jp/JVN03188560/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html http://www.securitytracker.com/id/1036056 Common Vulnerability Exposure (CVE) ID: CVE-2016-1182 BugTraq ID: 91067 http://www.securityfocus.com/bid/91067 https://bugzilla.redhat.com/show_bug.cgi?id=1343540 https://security-tracker.debian.org/tracker/CVE-2016-1182 http://jvn.jp/en/jp/JVN65044642/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097 Common Vulnerability Exposure (CVE) ID: CVE-2015-0899 BugTraq ID: 74423 http://www.securityfocus.com/bid/74423 Debian Security Information: DSA-3536 (Google Search) http://www.debian.org/security/2016/dsa-3536 http://jvn.jp/en/jp/JVN86448949/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000042
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.