Home > Vulnerability Database > CVE-2006-1546

Mend.io Vulnerability Database

CVE-2006-1546

Good to know:

Date: March 30, 2006

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Language: Java

Severity Score

7.3

Related Resources (16)

Url: http://securitytracker.com/id?1015856

Url: http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail%40web32607.mail.mud.yahoo.com%3e

Url: http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

Url: http://www.securityfocus.com/bid/17342

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/25612

Url: http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

Url: http://issues.apache.org/bugzilla/show_bug.cgi?id=38374

Url: http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r$623$2@sea.gmane.org%3e

Url: http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e

Url: https://github.com/apache/struts

Url: http://secunia.com/advisories/19493

Url: http://secunia.com/advisories/20117

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-1546

Url: http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r%24623%242%40sea.gmane.org%3e

Url: http://www.vupen.com/english/advisories/2006/1205

Url: https://www.mend.io/vulnerability-database/CVE-2006-1546

Severity Score

7.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version struts:struts:1.2.9

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-1546

Good to know:

Date: March 30, 2006

Language: Java

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?