
JVNDB-2006-000615

Apache Struts Validator allows bypass of input data validation

Overview

Apache Struts is a Web application framework from the Apache Software Foundation.
Apache Struts contains a vulnerability that allows input data validation by the Validator to be bypassed.
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Apache Software Foundation
  • Apache Struts 1.2.8 and earlier
NEC Corporation
  • OpenMeisterEnterprise (Java)

Impact

Depending on the web application, an attacker may be able to cause unexpected operations by bypassing validation of input data. For example, data in an unintended format may be saved.
Solution

Vendor Information

Apache Software Foundation
NEC Corporation
  • NEC Security Information : NV06-003 (Japanese)
CWE

CVE

  1. CVE-2006-1546
References

  1. JVN : JVN#72225922
  2. National Vulnerability Database (NVD) : CVE-2006-1546
  3. Secunia Advisory : SA19493
  4. SecurityFocus : 17342
  5. SecurityTracker : 1015856
  6. FrSIRT Advisories : FrSIRT/ADV-2006-1205
Revision History

  • [2008/05/21]
      Web page published