PT-2016-2325 · Apache · Apache Struts
Published
2016-07-04
·
Updated
2022-05-13
·
CVE-2016-1181
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Struts versions 1.x through 1.3.10
Description
The vulnerability is in ActionServlet.java, the front controller of Apache Struts 1 (versions 1.x through 1.3.10), which mishandles multithreaded access to an ActionForm instance. A remote, unauthenticated attacker can trigger it with a crafted multipart request (multipart/form-data) and either execute arbitrary code or cause a denial of service. The attack complexity in the CVSS vector (AC:H) reflects that exploitation depends on concurrent access to the shared ActionForm rather than on a single deterministic request. NVD lists it as a related issue to CVE-2015-0899.
Recommendations
Apache Struts 1 reached end of life in April 2013, and the Apache Struts project has not released a fixed 1.x version; at the time of writing there is no upstream release that contains a fix. The only complete remediation is to migrate the application off Struts 1 (for example to a supported Struts 2 release or another maintained framework). Note that ActionServlet is the front controller that every Struts 1 request passes through, so it cannot be "disabled" without disabling the application. Until migration is complete, reduce exposure: reject or restrict multipart requests (multipart/form-data) to Struts 1 action paths that do not need file uploads, at a reverse proxy, WAF or servlet filter; limit network access to the affected application to trusted clients; and inventory deployments for struts or struts-core jars in the 1.x range so that no forgotten instance remains reachable.
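The inventory step above, as an added example that is not part of this advisory or of Apache Struts: a Python check that walks a deployment tree (a Tomcat webapps/ directory, for instance), reads the version of each Struts jar from META-INF/MANIFEST.MF (Implementation-Version or Bundle-Version) with the jar file name as a fallback, and flags versions in the advisory's affected range, 1.x through 1.3.10. The sample jars in demo() are constructed in memory and are not real Struts builds; the manifest header names and jar naming patterns are assumptions about typical Struts packaging.

```python
"""Inventory check for CVE-2016-1181: flag Apache Struts 1 jars (1.x through 1.3.10).
Added example for this advisory; not Apache Struts code."""
import io
import os
import re
import zipfile
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Affected range from the advisory: every Struts 1 release up to and including 1.3.10.
LAST_AFFECTED: Version = (1, 3, 10)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")
# File-name fallback (assumed naming): struts-1.2.9.jar, struts-core-1.3.10.jar; not struts2-core-*.jar.
_JAR_NAME_RE = re.compile(r"^struts(?:-core)?-(\d+(?:\.\d+)+)\.jar$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """Extract the first dotted number ("1.3.10") from text as an int tuple."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version: Version) -> bool:
    """True for Struts 1.x with version <= 1.3.10; Struts 2.x is never in range."""
    return version[0] == 1 and version <= LAST_AFFECTED


def version_from_manifest(jar: zipfile.ZipFile) -> Optional[Version]:
    """Read Implementation-Version or Bundle-Version from the jar manifest, if present."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in ("Implementation-Version", "Bundle-Version"):
            version = parse_version(value)
            if version:
                return version
    return None


def classify_jar(path: str, data: Optional[bytes] = None) -> Optional[dict]:
    """Return a finding for a Struts jar (from disk, or from in-memory bytes), None for other jars."""
    base = os.path.basename(path)
    if "struts" not in base.lower():
        return None
    version, source = None, None
    try:
        with zipfile.ZipFile(io.BytesIO(data) if data is not None else path) as jar:
            version = version_from_manifest(jar)
            source = "manifest" if version else None
    except zipfile.BadZipFile:
        pass  # corrupt or non-jar file: fall through to the file-name check
    if version is None:
        m = _JAR_NAME_RE.match(base)
        if m:
            version, source = parse_version(m.group(1)), "filename"
    return {
        "path": path,
        "version": ".".join(map(str, version)) if version else None,
        "source": source,
        "affected": is_affected(version) if version else None,  # None = needs manual review
    }


def scan_tree(root: str) -> List[dict]:
    """Walk a deployment directory and classify every jar whose name contains 'struts'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".jar"):
                finding = classify_jar(os.path.join(dirpath, name))
                if finding is not None:
                    findings.append(finding)
    return findings


def build_jar(manifest: Optional[str]) -> bytes:
    """Constructed sample input: a minimal in-memory jar, not a real Struts build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if manifest is not None:
            z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("org/apache/struts/action/ActionServlet.class", b"")
    return buf.getvalue()


def demo() -> List[dict]:
    """Classify four constructed jars; only the three Struts 1 jars come back affected."""
    samples = [
        ("WEB-INF/lib/struts-core-1.3.10.jar", build_jar("Manifest-Version: 1.0\r\nImplementation-Version: 1.3.10\r\n")),
        ("WEB-INF/lib/struts.jar", build_jar("Manifest-Version: 1.0\r\nImplementation-Version: 1.2.9\r\n")),
        ("WEB-INF/lib/struts-core-1.3.8.jar", build_jar("Manifest-Version: 1.0\r\n")),  # no version header
        ("WEB-INF/lib/struts2-core-2.5.30.jar", build_jar("Manifest-Version: 1.0\r\nBundle-Version: 2.5.30\r\n")),
    ]
    return [classify_jar(path, data) for path, data in samples]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

In a real sweep call scan_tree() on each application server's deployment root; a finding with "affected": None means the jar carried no recognisable version and should be inspected by hand rather than assumed safe.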
RCE
Related identifiers
Affected products
Apache Struts