Apache · Apache Struts · CVE-2006-1546
Name of the Vulnerable Software and Affected Versions:
Apache Software Foundation (ASF) Struts versions prior to 1.2.9
Description:
Remote attackers can bypass validation by sending a request that includes the `org.apache.struts.taglib.html.Constants.CANCEL` parameter. The request is then treated as canceled, and applications that do not use the `isCancelled` check do not detect this, so the action runs on input that was never validated.
Recommendations:
For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider adding the `isCancelled` check in applications to detect canceled actions.
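
One way to apply the `isCancelled` workaround across an application is a shared base class, shown here as an added example (not code from the Struts project or from this advisory). The class name `CancelCheckedAction` and the methods `onCancel` and `executeValidated` are hypothetical; `Action`, `isCancelled`, `ActionMapping` and `getServlet` are the Struts 1.x API.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/**
 * Hypothetical base class: actions extend this instead of Action, so no
 * action body can run on a form whose validation was skipped.
 */
public abstract class CancelCheckedAction extends Action {

    // final: subclasses cannot override execute() and lose the check.
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Affected versions skip form validation when the cancel parameter
        // is present but still call execute(). isCancelled() is the only
        // way the action learns that this happened.
        if (isCancelled(request)) {
            return onCancel(mapping, request, response);
        }
        return executeValidated(mapping, form, request, response);
    }

    /**
     * Default policy: reject. Actions that really offer a Cancel button
     * override this and return a forward without reading the form.
     */
    protected ActionForward onCancel(ActionMapping mapping,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Record the event so unexpected cancel requests show up in logs.
        getServlet().log("Cancel parameter on " + mapping.getPath()
                + " from " + request.getRemoteAddr());
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return null; // response is complete, nothing for Struts to forward to
    }

    /** Called only when the request was not flagged as canceled. */
    protected abstract ActionForward executeValidated(ActionMapping mapping,
            ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception;
}
```

Existing actions adopt the check by changing `extends Action` to `extends CancelCheckedAction` and renaming their `execute` method to `executeValidated`.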