ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2016-07-04T22:00:00

Updated: 2024-08-05T22:48:13.522Z

Reserved: 2015-12-26T00:00:00

Link: CVE-2016-1181

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-07-04T22:59:01.617

Modified: 2024-11-21T02:45:54.383

Link: CVE-2016-1181

cve-icon Redhat

Severity : Important

Publid Date: 2016-06-07T00:00:00Z

Links: CVE-2016-1181 - Bugzilla