Debian Security Advisory

DLA-292-1 libstruts1.2-java -- LTS security update

Date Reported: 17 Aug 2015
Affected Packages: libstruts1.2-java
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2014-0899.
More information:

The Validator in Apache Struts 1.1 and later contains a feature for efficiently defining input validation rules across multiple pages during screen transitions. This feature contains a vulnerability that may allow input validation to be bypassed. When the Apache Struts 1 Validator is used, the web application may be vulnerable even when this feature is not used explicitly.