Debian Security Advisory

DLA-292-1 libstruts1.2-java -- LTS security update

Date Reported:
17 Aug 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-0899.
More information:

The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web application may be vulnerable even when this function is not used explicitly.