← volver
CVE-2005-3745

CVE-2005-3745

EPSS 25.7%
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/26542no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://secunia.com/advisories/17677http://secunia.com/advisories/18341http://securityreason.com/securityalert/197http://securitytracker.com/id?1015257https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3Ehttps://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3Ehttp://www.hacktics.com/AdvStrutsNov05.htmlhttp://www.osvdb.org/21021http://www.redhat.com/support/errata/RHSA-2006-0157.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0161.htmlhttp://www.securityfocus.com/archive/1/417296/30/0/threadedhttp://www.securityfocus.com/bid/15512