Debian Security Advisory
DLA-292-1 libstruts1.2-java -- LTS security update
- Date Reported:
- 17 Aug 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-0899.
- More information:
The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web application may be vulnerable even when this function is not used explicitly.