Vulnerability identifier: #VU88923

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-1546

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Struts
Server applications / Frameworks for developing and running applications

Vendor:

Description

The vulnerability allows a remote attacker to gain access to bypass security restrictions.

The vulnerability exists due to excessive data output by the application. A remote attacker can bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
http://www.securityfocus.com/bid/17342
http://securitytracker.com/id?1015856
http://secunia.com/advisories/19493
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://secunia.com/advisories/20117
http://www.vupen.com/english/advisories/2006/1205
http://exchange.xforce.ibmcloud.com/vulnerabilities/25612
http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail%40web32607.mail.mud.yahoo.com%3e
http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r%24623%242%40sea.gmane.org%3e

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.