CVE-2006-1546

Name of the Vulnerable Software and Affected Versions: Apache Software Foundation (ASF) Struts versions prior to 1.2.9

Description: The issue allows remote attackers to bypass validation by sending a request with a parameter org.apache.struts.taglib.html.Constants.CANCEL, causing the action to be canceled without being detected by applications that do not use the isCancelled check.

Recommendations: For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider adding the isCancelled check in applications to detect canceled actions.