Vulnerabilities > CVE-2005-3745 - Unspecified vulnerability in Apache Struts 1.2.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
exploit available
Summary
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability. CVE-2005-3745. Remote exploits for multiple platform |
| id | EDB-ID:26542 |
| last seen | 2016-02-03 |
| modified | 2005-11-21 |
| published | 2005-11-21 |
| reporter | Irene Abezgauz |
| source | https://www.exploit-db.com/download/26542/ |
| title | Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability |
Redhat
| advisories |
|
References
- http://www.hacktics.com/AdvStrutsNov05.html
- http://www.securityfocus.com/bid/15512
- http://www.osvdb.org/21021
- http://secunia.com/advisories/17677
- http://securitytracker.com/id?1015257
- http://www.redhat.com/support/errata/RHSA-2006-0157.html
- http://secunia.com/advisories/18341
- http://www.redhat.com/support/errata/RHSA-2006-0161.html
- http://securityreason.com/securityalert/197
- http://www.vupen.com/english/advisories/2005/2525
- http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E