CVE-2005-3745: XSS
First published: Tue Nov 22 2005(Updated: )
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.struts:struts-core | <=1.2.7 | |
| Apache Struts 2 | =1.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.hacktics.com/AdvStrutsNov05.html
- http://www.securityfocus.com/bid/15512
- http://www.osvdb.org/21021
- http://secunia.com/advisories/17677
- http://securitytracker.com/id?1015257
- http://www.redhat.com/support/errata/RHSA-2006-0157.html
- http://secunia.com/advisories/18341
- http://www.redhat.com/support/errata/RHSA-2006-0161.html
- http://securityreason.com/securityalert/197
- http://www.vupen.com/english/advisories/2005/2525
- http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2005-3745
- https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
- https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
- https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
- https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
- https://github.com/advisories/GHSA-9cjh-qmvx-436c (Advisory)
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2005-3745?
CVE-2005-3745 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-3745?
To fix CVE-2005-3745, upgrade to a patched version of Apache Struts that addresses the cross-site scripting vulnerability.
What versions of Apache Struts are affected by CVE-2005-3745?
CVE-2005-3745 specifically affects Apache Struts version 1.2.7 and possibly other earlier versions.
How does CVE-2005-3745 affect web applications?
CVE-2005-3745 allows remote attackers to inject malicious scripts into web applications, compromising the integrity of the application.
What should I do if I cannot update for CVE-2005-3745?
If you cannot update for CVE-2005-3745, consider implementing input validation and output encoding to mitigate the risk of cross-site scripting.
- collector/github-advisory-latest
- alias/GHSA-9cjh-qmvx-436c
- alias/CVE-2005-3745
- collector/github-advisory
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- collector/nvd-api
- package-manager/maven
- vendor/apache
- canonical/apache struts 2
- version/apache struts 2/1.2.7