Apache Struts 1 Denial Of Service Cross Site Scripting Vulnerability
15 Aug. 2016
Apache Struts is prone to a denial of service (DoS) vulnerability. This allow a remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources via certain vulnerable vectors. Apache Struts is prone to a cross-site scripting vulnerability.This allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors.A remote attacker can use cross-site scripting(XSS) to send a hostile script to an unsuspicious user
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.