Описание
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
Отчет
This issue affects the version of struts shipped with Red Hat Enterprise Linux 5, which is currently in Extended Life Phase. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification https://access.redhat.com/security/updates/classification/ and the Red Hat Enterprise Linux Life Cycle https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | struts | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 2 | struts | Not affected | ||
| Red Hat Satellite 5 | struts | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles mu ...
Уязвимость программной платформы Apache Struts, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
6.8 Medium
CVSS2