Advisories » MGASA-2015-0351

Updated struts packages fix CVE-2015-0899

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0899

Description

Updated struts packages fix security vulnerability:

The Validator in Apache Struts 1.1 and later contains a function to
efficiently define rules for input validation across multiple pages during
screen transitions. This function contains a vulnerability where input
validation may be bypassed. When the Apache Struts 1 Validator is used, the
web application may be vulnerable even when this function is not used
explicitly (CVE-2015-0899).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16601
• https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165517.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0899

SRPMS

5/core

• struts-1.3.10-8.1.mga5

4/core

• struts-1.3.10-4.2.mga4