CVE-2016-1181

EUVD-2022-3025
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
oraclebanking_platform
2.3.0
oraclebanking_platform
2.4.0
oraclebanking_platform
2.4.1
oraclebanking_platform
2.5.0
oracleportal
11.1.1.6
apachestruts
1.0
apachestruts
1.0:beta1
apachestruts
1.0:beta2
apachestruts
1.0:beta3
apachestruts
1.0.1
apachestruts
1.0.2
apachestruts
1.1
apachestruts
1.1:b1
apachestruts
1.1:b2
apachestruts
1.1:b3
apachestruts
1.1:rc1
apachestruts
1.1:rc2
apachestruts
1.2.0
apachestruts
1.2.1
apachestruts
1.2.2
apachestruts
1.2.3
apachestruts
1.2.4
apachestruts
1.2.5
apachestruts
1.2.6
apachestruts
1.2.7
apachestruts
1.2.8
apachestruts
1.2.9
apachestruts
1.3.5
apachestruts
1.3.6
apachestruts
1.3.7
apachestruts
1.3.8
apachestruts
1.3.9
apachestruts
1.3.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
ignored
trusty
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
References
http://jvn.jp/en/jp/JVN03188560/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91068
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1036056
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
https://security-tracker.debian.org/tracker/CVE-2016-1181
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://jvn.jp/en/jp/JVN03188560/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91068
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1036056
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
https://security-tracker.debian.org/tracker/CVE-2016-1181
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html