CVE-2005-3745: XSS
First published: Tue Nov 22 2005(Updated: )
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Struts | =1.2.7 | |
| maven/org.apache.struts:struts-core | <=1.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.hacktics.com/AdvStrutsNov05.html
- http://www.securityfocus.com/bid/15512
- http://www.osvdb.org/21021
- http://secunia.com/advisories/17677
- http://securitytracker.com/id?1015257
- http://www.redhat.com/support/errata/RHSA-2006-0157.html
- http://secunia.com/advisories/18341
- http://www.redhat.com/support/errata/RHSA-2006-0161.html
- http://securityreason.com/securityalert/197
- http://www.vupen.com/english/advisories/2005/2525
- http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2005-3745
- https://web.archive.org/web/20051230061138/http://www.hacktics.com/AdvStrutsNov05.html
- https://web.archive.org/web/20060315133810/http://securitytracker.com/alerts/2005/Nov/1015257.html
- https://web.archive.org/web/20060408105414/http://www.securityfocus.com/bid/15512
- https://web.archive.org/web/20201125023452/http://www.securityfocus.com/archive/1/417296/30/0/threaded
- https://web.archive.org/web/20201207010315/https://cxsecurity.com/issue/WLB-2005110055
- https://github.com/advisories/GHSA-9cjh-qmvx-436c (Advisory)
- https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
- https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
- collector/nvd-historical
- collector/github-advisory-latest
- alias/GHSA-9cjh-qmvx-436c
- alias/CVE-2005-3745
- collector/github-advisory
- collector/nvd-cve
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- vendor/apache
- canonical/apache struts
- version/apache struts/1.2.7
- package-manager/maven