Updated Red Hat Application Server components are now available, including a
security update for Struts.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.

A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3745 to this issue. Please note that this issue does not
affect Struts running on Tomcat or JOnAS, which is our supported usage of

All users of Red Hat Application Server should upgrade to these updated
packages, which contain Struts version 1.2.8 which is not vulnerable to