CVE-2016-1181 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Banking Platform	2.3.0
Oracle	Portal	11.1.1.6
Apache	Struts	1.0

References

http://jvn.jp/en/jp/JVN03188560/index.htmlVendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096Third Party AdvisoryVDB EntryVendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatchThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatchThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch
http://www.securityfocus.com/bid/91068Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/91787Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036056Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1343538Issue Tracking
https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cbIssue TrackingPatch
https://security-tracker.debian.org/tracker/CVE-2016-1181Third Party Advisory

FAQ

What is CVE-2016-1181?

CVE-2016-1181 is a vulnerability with a CVSS score of 8.1 (HIGH). ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service...

How severe is CVE-2016-1181?

CVE-2016-1181 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1181?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Banking Platform, Oracle Portal, Apache Struts.