FKIE_CVE-2005-3745

Vulnerability from fkie_nvd - Published: 2005-11-22 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
References
cve@mitre.orghttp://secunia.com/advisories/17677
cve@mitre.orghttp://secunia.com/advisories/18341
cve@mitre.orghttp://securityreason.com/securityalert/197
cve@mitre.orghttp://securitytracker.com/id?1015257
cve@mitre.orghttp://www.hacktics.com/AdvStrutsNov05.htmlExploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/21021
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0157.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0161.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/417296/30/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/15512Exploit, Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2525
cve@mitre.orghttps://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17677
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18341
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/197
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015257
af854a3a-2127-422b-91ae-364da2661108http://www.hacktics.com/AdvStrutsNov05.htmlExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21021
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0157.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0161.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/417296/30/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15512Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2525
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E
Impacted products
Vendor Product Version
apache struts 1.2.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC81E1A-2779-4FAF-866C-970752CD1828",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apache Struts 1.2.7, y posiblemente otras versiones, permite a atacantes remotos inyectar \u0027script\u0027 web o HTML de su elecci\u00f3n mediante la cadena de consulta, que no es entrecomillada o filtrada adecuadamente cuando el manejador de peticiones genera un mensaje de error."
    }
  ],
  "id": "CVE-2005-3745",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-22T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17677"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18341"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015257"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hacktics.com/AdvStrutsNov05.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0157.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/417296/30/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2525"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hacktics.com/AdvStrutsNov05.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0157.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/417296/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3%40%3Cissues.struts.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db%40%3Cissues.struts.apache.org%3E"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.