| Vulnerability Name: | CVE-2012-1007 (CCN-73052) | ||||||||||||
| Assigned: | 2012-02-01 | ||||||||||||
| Published: | 2012-02-01 | ||||||||||||
| Updated: | 2018-10-17 | ||||||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-1007 Source: CCN Type: Offensive Security Exploit Database [02-02-2012] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Source: MISC Type: Exploit http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt Source: MISC Type: UNKNOWN http://secpod.org/blog/?p=450 Source: CCN Type: Apache Struts Web site Struts Source: CCN Type: IBM Security Bulletin 0717691 (WebSphere Application Server in Cloud) Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud Source: CCN Type: IBM Security Bulletin 2016214 (WebSphere Application Server) Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Source: CCN Type: OSVDB ID: 78992 Apache Struts struts-cookbook/processSimple.do message Parameter XSS Source: CCN Type: OSVDB ID: 78993 Apache Struts struts-cookbook/processDyna.do message Parameter XSS Source: CCN Type: OSVDB ID: 78994 Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS Source: BID Type: UNKNOWN 51900 Source: CCN Type: BID-51900 Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities Source: CCN Type: BID-51902 Apache Struts Multiple HTML Injection Vulnerabilities Source: XF Type: UNKNOWN apache-struts-name-xss(73052) Source: XF Type: UNKNOWN apache-struts-name-xss(73052) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||