Lucene search

DebianDEBIAN:DLA-292-1:5DAF9

HistoryAug 17, 2015 - 5:41 p.m.

[SECURITY] [DLA 292-1] libstruts1.2-java security update

2015-08-1717:41:56

lists.debian.org

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.6%

JSON

Package : libstruts1.2-java
Version : 1.2.9-4+deb6u2
CVE ID : CVE-2014-0899

The Validator in Apache Struts 1.1 and later contains a function to
efficiently define rules for input validation across multiple pages during
screen transitions. This function contains a vulnerability where input
validation may be bypassed. When the Apache Struts 1 Validator is used,
the web application may be vulnerable even when this function is not used
explicitly.

OSVersionArchitecturePackageVersionFilename
Debian6alllibstruts1.2-java< 1.2.9-4+deb6u2libstruts1.2-java_1.2.9-4+deb6u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	libstruts1.2-java	< 1.2.9-4+deb6u2	libstruts1.2-java_1.2.9-4+deb6u2_all.deb

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.6%

JSON

Related for DEBIAN:DLA-292-1:5DAF9