SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Financial Services Applications
Vendors:   Oracle
(Oracle Issues Fix for Oracle Financial Services Applications) Apache Struts ActionForm and Validator Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID:  1036388
SecurityTracker URL:  http://securitytracker.com/id/1036388
CVE Reference:   CVE-2016-1181
Date:  Jul 20 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in Apache Struts. A remote user can cause denial of service conditions on the target system. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information on the target system. Oracle Financial Services Applications is affected.

A remote user can send specially crafted data to cause denial of service conditions, obtain potentially sensitive information, or execute arbitrary code on the target system. The impact depends on the application using Apache Struts.

The ActionForm components are affected [CVE-2016-1181].

The Validator components are affected [CVE-2016-1182].

The original advisories are available at:

https://jvn.jp/en/jp/JVN03188560/
https://jvn.jp/en/jp/JVN65044642/

JPCERT/CC reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can execute arbitrary code on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Oracle has issued a fix for CVE-2016-1181 for Oracle Financial Services Applications.

The Oracle advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Cause:   Access control error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 8 2016 Apache Struts ActionForm and Validator Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code




Copyright 2021, SecurityGlobal.net LLC