Vulnerability Name:

CVE-2016-1182 (CCN-113853)

Assigned:2015-12-26
Published:2016-06-07
Updated:2020-07-15
Summary:ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
CVSS v3 Severity:8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): High
4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
4.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2016-1182

Source: CCN
Type: JVN#65044642
Apache Struts 1 vulnerable to input validation bypass

Source: JVN
Type: Vendor Advisory
JVN#65044642

Source: JVNDB
Type: Third Party Advisory, VDB Entry, Vendor Advisory
JVNDB-2016-000097

Source: CCN
Type: Apache Web site
Struts

Source: CCN
Type: IBM Security Bulletin 0717691 (WebSphere Application Server in Cloud)
Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 879093 (Security Privileged Identity Manager)
Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.

Source: CCN
Type: IBM Security Bulletin T1025065 (Systems Director)
Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin T1025087 (Flex System Manager Node)
IBM Flex System Manager (FSM) is affected by multiple Struts vulnerabilities (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1985995 (WebSphere Application Server)
Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1987189 (FileNet Content Manager)
Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1987877 (Financial Transaction Manager)
IBM Financial Transaction Manager for Corporate Payment Services open source Apache Struts Vulnerabilities (CVE-2016-1181 CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1988182 (Notes)
IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1988198 (WebSphere Service Registry and Repository)
Vulnerabilities in Apache Struts and Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1181, CVE-2016-1182, CVE-2016-3092)

Source: CCN
Type: IBM Security Bulletin 1988638 (Spectrum Control Standard Edition)
Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182

Source: CCN
Type: IBM Security Bulletin 1988706 (Security Privileged Identity Manager)
Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

Source: CCN
Type: IBM Security Bulletin 1988710 (WebSphere Application Server for Bluemix)
Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Source: CCN
Type: IBM Security Bulletin 1988770 (WebSphere Portal)
Vulnerabilities in Apache Struts affect IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1988934 (InfoSphere Information Server)
Multiple Vulnerabilities in Struts v2 affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 1989060 (Financial Transaction Manager)
Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060)

Source: CCN
Type: IBM Security Bulletin 1989496 (License Metric Tool)
Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1990451 (Tivoli Monitoring V6)
Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 1990834 (Business Process Manager Advanced)
Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899)

Source: CCN
Type: IBM Security Bulletin 1991903 (BigFix family)
Multiple vulnerabilities in Apache Struts affect IBM BigFix Remote Control (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1992931 (Security Identity Manager)
Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 )

Source: CCN
Type: IBM Security Bulletin 1996820 (Emptoris Strategic Supply Management)
Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement

Source: CCN
Type: IBM Security Bulletin 2008689 (Cram Social Program Management)
Vulnerability in Apache Struts affects IBM Cram Social Program Management (CVE-2016-1182, CVE-2016-1181, CVE-2015-0899)

Source: CCN
Type: IBM Security Bulletin 2011978 (Sterling B2B Integrator)
Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 2012006 (Sterling File Gateway)
Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway

Source: CCN
Type: IBM Security Bulletin 2013334 (Emptoris Contract Management)
Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 2016214 (WebSphere Application Server)
Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI

Source: CCN
Type: Oracle CPUJan2017
Oracle Critical Patch Update Advisory - January 2017

Source: CCN
Type: Oracle CPUJan2018
Oracle Critical Patch Update Advisory - January 2018

Source: CONFIRM
Type: Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: CONFIRM
Type: Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: CONFIRM
Type: Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: CONFIRM
Type: Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: CONFIRM
Type: Patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: CCN
Type: Oracle CPUOct2018
Oracle Critical Patch Update Advisory - October 2018

Source: CONFIRM
Type: Patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: BID
Type: Third Party Advisory, VDB Entry
91067

Source: CCN
Type: BID-91067
Apache Struts CVE-2016-1182 Security Bypass Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
91787

Source: CCN
Type: BID-91787
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036056

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1343540

Source: XF
Type: UNKNOWN
apache-struts-cve20161182-sec-bypass(113853)

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8

Source: CONFIRM
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2016-1182

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20180629-0006/

Source: CCN
Type: IBM Security Bulletin 741659 (Security Guardium)
Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 1990921 (Content Collector)
Multiple Vulnerabilities in Struts v2 affect IBM Content Collector for Email

Source: CCN
Type: IBM Security Bulletin 1999098 (Content Collector)
OpenSource Apache Struts vulnerability in Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 1999103 (Content Collector)
OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint

Source: CCN
Type: IBM Security Bulletin 1999107 (Content Collector)
OpenSource Apache Struts vulnerabilities in IBM Content Collector for File Systems

Source: CCN
Type: IBM Security Bulletin 2000469 (Enterprise Records)
Vulnerabilities in Struts v2 affect IBM Enterprise Records

Source: CCN
Type: IBM Security Bulletin 6464833 (Security Identity Manager)
IBM Security Identity Manager deprecated Self Service UI contains Struts V1 (CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 6464835 (Security Identity Manager)
IBM Security Identity Manager Virtual Appliance deprecated Self Service UI contains Struts V1 (CVE-2016-1182)

Source: CCN
Type: IBM Security Bulletin 6910171 (Integration Designer)
Multiple CVEs affect IBM Integration Designer

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpujan2020.html

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpujul2020.html

Source: MISC
Type: UNKNOWN
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: CONFIRM
Type: Patch
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Source: MISC
Type: UNKNOWN
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:struts:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:b1:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:b2:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:b3:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:struts:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:struts:1.3.8:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_process_manager:7.5:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:7.5.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.0:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.0.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5.5:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:2.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:2.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flex_system_manager_node:*:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:systems_director:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:2.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:2.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.10:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris:strategic_supply_management:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:curam_social_program_management:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:oracle:adaptive_access_manager:11.1.2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:security_identity_manager:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_privileged_identity_manager:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.precise:def:20161182000
    V
    		CVE-2016-1182 on Ubuntu 12.04 LTS (precise) - medium.
    2016-07-04
    oval:com.ubuntu.trusty:def:20161182000
    V
    		CVE-2016-1182 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-07-04
    BACK
    apache struts 1.0
    apache struts 1.0 beta1
    apache struts 1.0 beta2
    apache struts 1.0 beta3
    apache struts 1.0.1
    apache struts 1.0.2
    apache struts 1.1
    apache struts 1.1 b1
    apache struts 1.1 b2
    apache struts 1.1 b3
    apache struts 1.1 rc1
    apache struts 1.1 rc2
    apache struts 1.2.0
    apache struts 1.2.1
    apache struts 1.2.2
    apache struts 1.2.3
    apache struts 1.2.4
    apache struts 1.2.5
    apache struts 1.2.6
    apache struts 1.2.7
    apache struts 1.2.8
    apache struts 1.2.9
    apache struts 1.3.5
    apache struts 1.3.6
    apache struts 1.3.7
    apache struts 1.3.8
    apache struts 1.3.9
    apache struts 1.3.10
    apache struts 1.2.7
    apache struts 1.2.8
    apache struts 1.2.9
    apache struts 1.3.10
    apache struts 1.0
    apache struts 1.0.2
    apache struts 1.1
    apache struts 1.2.2
    apache struts 1.2.4
    apache struts 1.2.6
    apache struts 1.3.5
    apache struts 1.3.8
    ibm websphere application server 7.0
    ibm websphere portal 7.0
    ibm infosphere information server 8.5
    ibm websphere application server 8.0
    ibm websphere portal 8.0
    ibm websphere application server 8.5
    ibm infosphere information server 8.7
    ibm infosphere information server 9.1
    ibm sterling b2b integrator 5.2
    ibm content collector 3.0
    ibm websphere application server 8.5.5
    ibm filenet content manager 5.2.0
    ibm license metric tool 7.2.2
    ibm license metric tool 7.5
    ibm websphere service registry and repository 8.0
    ibm websphere service registry and repository 8.0.0.1
    ibm websphere service registry and repository 8.0.0.2
    ibm sterling file gateway 2.2
    ibm sterling b2b integrator 5.2.4
    ibm content collector 4.0
    ibm websphere portal 8.5
    ibm websphere portal 6.1
    ibm infosphere information server 11.3
    ibm sterling b2b integrator 5.2.1
    ibm sterling b2b integrator 5.2.2
    ibm sterling b2b integrator 5.2.3
    ibm emptoris contract management *
    ibm business process manager 7.5
    ibm business process manager 7.5.0.1
    ibm business process manager 7.5.1
    ibm business process manager 7.5.1.1
    ibm business process manager 7.5.1.2
    ibm business process manager 8.0
    ibm business process manager 8.0.1
    ibm business process manager 8.0.1.1
    ibm business process manager 8.0.1.2
    ibm business process manager 8.5
    ibm business process manager 8.5.0.1
    ibm business process manager 8.5.5
    ibm business process manager 8.0.1.3
    ibm websphere service registry and repository 8.5
    ibm financial transaction manager 2.1.1.2
    ibm sterling b2b integrator 5.2.5
    ibm curam social program management 6.0.5
    ibm business process manager 8.5.6
    ibm financial transaction manager 3.0.0.0
    ibm financial transaction manager 3.0.0.1
    ibm financial transaction manager 3.0.0.2
    ibm financial transaction manager 2.1.1.0
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.3.0
    ibm tivoli monitoring 6.2.3.1
    ibm tivoli monitoring 6.2.3.2
    ibm tivoli monitoring 6.2.3.3
    ibm tivoli monitoring 6.2.3.4
    ibm tivoli monitoring 6.2.3.5
    ibm tivoli monitoring 6.3
    ibm tivoli monitoring 6.3.0.1
    ibm tivoli monitoring 6.3.0.2
    ibm tivoli monitoring 6.3.0.3
    ibm tivoli monitoring 6.3.0.4
    ibm websphere service registry and repository 8.5.0.1
    ibm financial transaction manager 3.0.0.3
    ibm financial transaction manager 3.0.0.4
    ibm content collector 4.0.1
    ibm websphere service registry and repository 8.5.5.0
    ibm financial transaction manager 3.0.0.5
    ibm financial transaction manager 3.0.0.6
    ibm financial transaction manager 3.0.0.7
    ibm infosphere information server 11.5
    ibm security guardium 10
    ibm flex system manager node *
    ibm systems director -
    ibm financial transaction manager 3.0.0.8
    ibm financial transaction manager 3.0.0.9
    ibm business process manager 8.5.0.2
    ibm security privileged identity manager 2.0.2
    ibm financial transaction manager 3.0.0.10
    ibm lotus notes 8.5
    ibm lotus notes 8.5.1
    ibm lotus notes 8.5.2
    ibm lotus notes 8.5.3
    ibm lotus notes 9.0.1
    ibm financial transaction manager 3.0.0.11
    ibm financial transaction manager 2.1.1.1
    ibm sterling b2b integrator 5.2.6
    ibm curam social program management 6.1.1
    ibm financial transaction manager 3.0.0.12
    ibm financial transaction manager 2.1.1.3
    ibm lotus notes 9.0
    ibm financial transaction manager 3.0.0.13
    ibm financial transaction manager 3.0.0.14
    ibm business process manager 8.5.7
    ibm websphere application server 9.0.0.0
    ibm emptoris strategic_supply_management 10.0.0.0
    ibm spectrum control 5.2.10
    ibm websphere service registry and repository 8.0.0.3
    ibm websphere service registry and repository 8.5.6.0
    ibm tivoli monitoring 6.3.0.5
    ibm tivoli monitoring 6.3.0.6
    ibm tivoli monitoring 6.2.2.2
    ibm tivoli monitoring 6.2.2.3
    ibm tivoli monitoring 6.2.2.4
    ibm tivoli monitoring 6.2.2.5
    ibm tivoli monitoring 6.2.2.6
    ibm tivoli monitoring 6.2.2.7
    ibm tivoli monitoring 6.2.2.8
    ibm tivoli monitoring 6.2.2.9
    ibm websphere application server 9.0
    ibm content collector 4.0.1.3
    ibm content collector 4.0.1.4
    ibm curam social program management 6.2.0
    ibm emptoris strategic_supply_management
    oracle primavera p6 enterprise project portfolio management 8.2
    oracle primavera p6 enterprise project portfolio management 8.3
    oracle primavera p6 enterprise project portfolio management 8.4
    oracle primavera p6 enterprise project portfolio management 15.1
    oracle primavera p6 enterprise project portfolio management 15.2
    oracle primavera p6 enterprise project portfolio management 16.1
    oracle primavera p6 enterprise project portfolio management 16.2
    ibm curam social program management 7.0.1
    oracle webcenter portal 11.1.1.9.0
    oracle webcenter portal 12.2.1.2.0
    oracle webcenter portal 12.2.1.3.0
    ibm websphere application server in cloud *
    oracle adaptive access manager 11.1.2.3.0
    ibm security guardium 10.5
    ibm websphere application server in cloud 8.5
    ibm websphere application server in cloud 9.0
    ibm websphere application server in cloud *
    ibm security identity manager 6.0.0
    ibm security privileged identity manager 2.1.1
    ibm security identity manager 6.0.2
    ibm security identity manager virtual appliance 7.0.2
    ibm security identity manager virtual appliance 7.0.1
    ibm integration designer 20.0.0.2
    ibm security identity manager 7.0.2