mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-11 20:52:49 +02:00
0xMarcio
2.0 KiB
2.0 KiB
CVE-2016-1181
Description
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
POC
Reference
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/91787
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/alonsoaca/struts1
- https://github.com/bingcai/struts-mini
- https://github.com/mayankchugh-learning/weblagacy-struts1
- https://github.com/pctF/vulnerable-app
- https://github.com/sam8k/Dynamic-and-Static-Analysis-of-SOUPs
- https://github.com/weblegacy/struts1