CVE-2006-1546 - CVE Reference - Advisories

CVE Reference: CVE-2006-1546

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1546

Description: Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25612 SUSE http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html ST 1015856 SAID Secunia Advisory: SA19493 Secunia Advisory: SA20117 MLIST http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r$623$2@sea.gmane.org%3e http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=38374 http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html BID 17342

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Red Hat update for vsftpd

2.	Red Hat update for rdesktop

3.	Red Hat update for rdesktop

4.	Red Hat update for coreutils

5.	Red Hat update for nss_ldap

6.	Red Hat update for kernel

7.	Red Hat update for mysql

8.	Atom PhotoBlog "photoId" SQL Injection Vulnerability

9.	OpenBSD BIND Query Port DNS Cache Poisoning

10.	Red Hat update for kernel