The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

October 25, 2017

Apache Struts 1 ValidatorForm is a commonly used component in Java EE web applications that need to validate form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields: username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the...

Previous Article
The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a widely used Java EE web application framework. It offers many kinds of validators t...

Next Article
The DUHK Vulnerability

There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random...