CVE-2005-3745

Sažetak

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.

Reference

http://www.hacktics.com/AdvStrutsNov05.html
http://www.securityfocus.com/bid/15512
http://www.osvdb.org/21021
http://secunia.com/advisories/17677
http://securitytracker.com/id?1015257
http://www.redhat.com/support/errata/RHSA-2006-0157.html
http://secunia.com/advisories/18341
http://www.redhat.com/support/errata/RHSA-2006-0161.html
http://securityreason.com/securityalert/197
http://www.vupen.com/english/advisories/2005/2525
http://www.securityfocus.com/archive/1/417296/30/0/threaded
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 01:57

Objavljeno

22-11-2005 - 11:03