CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
55.6%
Package : libstruts1.2-java
Version : 1.2.9-4+deb6u2
CVE ID : CVE-2014-0899
The Validator in Apache Struts 1.1 and later contains a function to
efficiently define rules for input validation across multiple pages during
screen transitions. This function contains a vulnerability where input
validation may be bypassed. When the Apache Struts 1 Validator is used,
the web application may be vulnerable even when this function is not used
explicitly.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | libstruts1.2-java | < 1.2.9-4+deb6u2 | libstruts1.2-java_1.2.9-4+deb6u2_all.deb |