Rapid7 Vulnerability & Exploit Database

RHSA-2006:0157: struts security update for Red Hat Application Server


Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 11/22/2005
Created: 07/25/2018
Added: 11/26/2007
Modified: 07/04/2017

Description

Updated Red Hat Application Server components are now available, including a security update for Struts. This update has been rated as having low security impact by the Red Hat Security Response Team.

Red Hat Application Server packages provide a J2EE Application Server and Web container, as well as the underlying Java stack. A cross-site scripting flaw was found in the way Struts displays error pages. It may be possible for an attacker to construct a specially crafted URL which could fool a victim into believing they are viewing a trusted site. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3745 to this issue. Please note that this issue does not affect Struts running on Tomcat or JOnAS, which is our supported usage of Struts. All users of Red Hat Application Server should upgrade to these updated packages, which contain Struts version 1.2.8, which is not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-jakarta-commons-validator
  • redhat-upgrade-jakarta-commons-validator-javadoc
  • redhat-upgrade-struts
  • redhat-upgrade-struts-javadoc
  • redhat-upgrade-struts-manual
  • redhat-upgrade-struts-webapps-tomcat5
