Vulnerabilities

CVE-2006-1546

by Fred · 30/03/2006

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a ‘org.apache.struts.taglib.html.Constants.CANCEL’ parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Date published : 2006-03-30

http://www.securityfocus.com/bid/17342

http://issues.apache.org/bugzilla/show_bug.cgi?id=38374

Similar

Tags: Cybersecurity Alert