128251 – dev-java/struts several issues (CVE-2006-154{6|7|8})

Bug 128251 - dev-java/struts several issues (CVE-2006-154{6|7|8})

Summary: dev-java/struts several issues (CVE-2006-154{6|7|8})

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://struts.apache.org/struts-doc-1...
Whiteboard:	~3 [noglsa] dizzutch
Keywords:

Depends on:
Blocks:

Reported:	2006-03-31 06:57 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2006-03-31 22:30 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-31 06:57:11 UTC

Bug 38374 - Validation always skipped with Globals.CANCEL_KEY.
Bug 38534 - DOS attack, application hack.
Bug 38749 - XSS vulnerability in LookupDispatchAction.

Comment 1 Jule Slootbeek 2006-03-31 07:09:52 UTC

1.2.9 is available for download @ http://struts.apache.org/download.cgi

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-31 07:33:53 UTC

Java please advise and provide an updated ebuild as necessary.

Comment 3 Josh Nichols (RETIRED) gentoo-dev

2006-03-31 10:33:34 UTC

karltk did the 1.2.9 bump earlier today.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-31 22:30:41 UTC

Struts appears to never have been stable -> closing with NO GLSA.