|
|
Subscribe / Log in / New account

struts: input validation bypass

Package(s):struts CVE #(s):CVE-2015-0899
Created:September 4, 2015 Updated:September 10, 2015
Description:

From the Red Hat bug report:

The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web application may be vulnerable even when this function is not used explicitly.

Alerts:
Debian DSA-3536-1 libstruts1.2-java 2016-03-31
Debian-LTS DLA-292-1 libstruts1.2-java 2015-08-17
Fedora FEDORA-2015-14237 struts 2015-09-04
Mageia MGASA-2015-0351 struts 2015-09-08
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds