Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.9. It is, therefore, affected by multiple vulnerabilities related to Apache Struts, including the following:

  - Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through     1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class     property, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the     class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm     object in Struts 1. (CVE-2014-0114)

  - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm     instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected     memory access) via a multipart request, a related issue to CVE-2015-0899. (CVE-2016-1181)

  - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator     configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a     denial of service via crafted input, a related issue to CVE-2015-0899. (CVE-2016-1182)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote web server hosts struts-examples, a demonstration application for the Struts framework. Input passed via the 'theText' POST parameter to the 'upload-submit.do' page is not properly sanitized before using it to generate dynamic HTML. 

By tricking a user into clicking on a specially crafted link, an attacker can exploit this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

The remote web server hosts struts-cookbook, a demonstration application for the Struts framework.  Input passed via the 'message' parameter to the 'processSimple.do' page is not properly sanitized before using it to generate dynamic HTML. 

By tricking someone into clicking on a specially crafted link, an attacker may be able exploit this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

ID	Name	Product	Family	Severity
141566	IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x <= 9.0.0.9 Multiple Vulnerabilities (711865)	Nessus	Web Servers	high
60094	Apache Struts struts-examples upload-submit.do 'theText' Parameter XSS	Nessus	CGI abuses : XSS	medium
60093	Apache Struts struts-cookbook processSimple.do message Parameter XSS	Nessus	CGI abuses : XSS	medium

Detections

Analytics

CVE-2012-1007

medium

Tenable Plugins

high

medium

medium