Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Published

2016-07-04T22:59:01.617

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	banking_platform	2.3.0	Yes
Application	oracle	banking_platform	2.4.0	Yes
Application	oracle	banking_platform	2.4.1	Yes
Application	oracle	banking_platform	2.5.0	Yes
Application	oracle	portal	11.1.1.6	Yes
Application	apache	struts	1.0	Yes
Application	apache	struts	1.0	Yes
Application	apache	struts	1.0	Yes
Application	apache	struts	1.0	Yes
Application	apache	struts	1.0.1	Yes
Application	apache	struts	1.0.2	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.1	Yes
Application	apache	struts	1.2.0	Yes
Application	apache	struts	1.2.1	Yes
Application	apache	struts	1.2.2	Yes
Application	apache	struts	1.2.3	Yes
Application	apache	struts	1.2.4	Yes
Application	apache	struts	1.2.5	Yes
Application	apache	struts	1.2.6	Yes
Application	apache	struts	1.2.7	Yes
Application	apache	struts	1.2.8	Yes
Application	apache	struts	1.2.9	Yes
Application	apache	struts	1.3.5	Yes
Application	apache	struts	1.3.6	Yes
Application	apache	struts	1.3.7	Yes
Application	apache	struts	1.3.8	Yes
Application	apache	struts	1.3.9	Yes
Application	apache	struts	1.3.10	Yes

References

http://jvn.jp/en/jp/JVN03188560/index.html Vendor Advisory ([email protected])
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096 Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch ([email protected])
http://www.securityfocus.com/bid/91068 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036056 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1343538 Issue Tracking ([email protected])
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 Issue Tracking, Patch ([email protected])
https://security-tracker.debian.org/tracker/CVE-2016-1181 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20180629-0006/ Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html ([email protected])
http://jvn.jp/en/jp/JVN03188560/index.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096 Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91068 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036056 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1343538 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2016-1181 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20180629-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (af854a3a-2127-422b-91ae-364da2661108)