Child pages
  • S2-028

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Affects of a cross-site scripting vulnerability.

Maximum security rating

Important

Recommendation

Upgrade runtime JRE to a recent major version, preferably 1.8. Alternatively upgrade to Struts 2.3.28

Affected Software

Struts 2.0.0 - Struts Struts 2.3.24.1

Reporter

WhiteHat Security (whitehatsec.com)

CVE Identifier

CVE-2016-0759

Problem

When using a single byte page encoding such as ISO-8895-1, an attacker might submit a non-spec URL-encoded parameter value including multi-byte characters.

...