Summary
This host is running Apache Struts and is prone to multiple Cross-site scripting vulnerabilities.
Impact
Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.
Impact Level: Application.
Solution
Update Apache Struts to version 2.3.3 or later,
For updates refer to http://struts.apache.org/download.cgi
Insight
Multiple flaws due to an,
- Input passed via the 'message' parameter in 'processSimple.do' and 'processDyna.do' action is not properly verified before it is returned to the user.
- Input passed via the 'name' and 'queryParam' parameter in '/struts-examples/upload/upload-submit.do' action is not properly verified before it is returned to the user.
Affected
Apache Struts (cookbook, examples) version 1.3.10 and prior.
Severity
Classification
-
CVE CVE-2012-1007 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- A Really Simple Chat Multiple XSS Vulnerabilities
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities