CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
oraclebanking_platform
2.3.0
oraclebanking_platform
2.4.0
oraclebanking_platform
2.4.1
oraclebanking_platform
2.5.0
oracleportal
11.1.1.6
apachestruts
1.0
apachestruts
1.0:beta1
apachestruts
1.0:beta2
apachestruts
1.0:beta3
apachestruts
1.0.1
apachestruts
1.0.2
apachestruts
1.1
apachestruts
1.1:b1
apachestruts
1.1:b2
apachestruts
1.1:b3
apachestruts
1.1:rc1
apachestruts
1.1:rc2
apachestruts
1.2.0
apachestruts
1.2.1
apachestruts
1.2.2
apachestruts
1.2.3
apachestruts
1.2.4
apachestruts
1.2.5
apachestruts
1.2.6
apachestruts
1.2.7
apachestruts
1.2.8
apachestruts
1.2.9
apachestruts
1.3.5
apachestruts
1.3.6
apachestruts
1.3.7
apachestruts
1.3.8
apachestruts
1.3.9
apachestruts
1.3.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
trusty
dne
precise
ignored
References
http://jvn.jp/en/jp/JVN03188560/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91068
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1036056
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
https://security-tracker.debian.org/tracker/CVE-2016-1181
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://jvn.jp/en/jp/JVN03188560/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/91068
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1036056
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
https://security-tracker.debian.org/tracker/CVE-2016-1181
https://security.netapp.com/advisory/ntap-20180629-0006/
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html