CVE-2016-1181

Published: Jul 4, 2016Modified: May 6, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Affected (33)

Products: Oracle: Banking Platform, Portal · Apache: Struts

2 products

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Banking Platform	Version 2.3.0
Oracle Banking Platform	Version 2.4.0
Oracle Banking Platform	Version 2.4.1
Oracle Banking Platform	Version 2.5.0
Oracle Portal	Version 11.1.1.6

Configuration B

28 vulnerable

Vulnerable Software	Affected Versions
Apache Struts	Version 1.0.1
Apache Struts	Version 1.0.2
Apache Struts	Version 1.0
Apache Struts	Version 1.0 beta1
Apache Struts	Version 1.0 beta2
Apache Struts	Version 1.0 beta3
Apache Struts	Version 1.1
Apache Struts	Version 1.1 b1
Apache Struts	Version 1.1 b2
Apache Struts	Version 1.1 b3
Apache Struts	Version 1.1 rc1
Apache Struts	Version 1.1 rc2
Apache Struts	Version 1.2.0
Apache Struts	Version 1.2.1
Apache Struts	Version 1.2.2
Apache Struts	Version 1.2.3
Apache Struts	Version 1.2.4
Apache Struts	Version 1.2.5
Apache Struts	Version 1.2.6
Apache Struts	Version 1.2.7
Apache Struts	Version 1.2.8
Apache Struts	Version 1.2.9
Apache Struts	Version 1.3.10
Apache Struts	Version 1.3.5
Apache Struts	Version 1.3.6
Apache Struts	Version 1.3.7
Apache Struts	Version 1.3.8
Apache Struts	Version 1.3.9

References (42)

http://jvn.jp/en/jp/JVN03188560/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB EntryVendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: vultures@jpcert.or.jp

Patch

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: vultures@jpcert.or.jp

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: vultures@jpcert.or.jp

Patch

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: vultures@jpcert.or.jp

Patch

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: vultures@jpcert.or.jp

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: vultures@jpcert.or.jp

Patch

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: vultures@jpcert.or.jp

Patch

http://www.securityfocus.com/bid/91068

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/91787

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036056

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1343538

Source: vultures@jpcert.or.jp

Issue Tracking

https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8

Source: vultures@jpcert.or.jp

Issue TrackingPatch

https://security-tracker.debian.org/tracker/CVE-2016-1181

Source: vultures@jpcert.or.jp

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180629-0006/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: vultures@jpcert.or.jp

https://www.oracle.com/security-alerts/cpujul2020.html

Source: vultures@jpcert.or.jp

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: vultures@jpcert.or.jp

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Source: vultures@jpcert.or.jp

Patch

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN03188560/index.html