Apache Struts Validator allows input data validation to be bypassed


Apache Struts is a Web application framework from the Apache Software Foundation.
Apache Struts contains a vulnerability that allows input data validation by the Validator to be bypassed.
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Apache Software Foundation
  • Apache Struts 1.2.8 and earlier
NEC Corporation
  • OpenMeisterEnterprise (Java)


Depending on the web application, an attacker may be able to cause unexpected operations by bypassing validation of input data. For example, data in an unintended format may be saved.

Vendor Information

Apache Software Foundation
NEC Corporation
  • NEC Security Information : NV06-003 (Japanese)
CWE

CVE

  1. CVE-2006-1546

  1. JVN : JVN#72225922
  2. National Vulnerability Database (NVD) : CVE-2006-1546
  3. Secunia Advisory : SA19493
  4. SecurityFocus : 17342
  5. SecurityTracker : 1015856
  6. FrSIRT Advisories : FrSIRT/ADV-2006-1205
Revision History

  • [2008/05/21]
      Web page published