{"id":"MGASA-2016-0244","summary":"Updated struts packages fix security vulnerabilities","details":"Updated struts packages fix security vulnerabilities:\n\nA vulnerability in Apache Struts 1 ActionForm allowing unintended remote\noperations against components on server memory, such as Servlets and\nClassLoader, was found (CVE-2016-1181).\n\nIt was reported that The Apache Struts 1 Validator contains a vulnerability\nwhere input validation configurations (validation rules, error messages, etc.)\nmay be modified. This occurs when ValidatorForm and ValidatorActionForm\n(including its subclasses) are in the session scope (CVE-2016-1182).\n","modified":"2026-04-16T06:25:12.660154197Z","published":"2016-07-08T19:50:50Z","upstream":["CVE-2016-1181","CVE-2016-1182"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0244.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18763"},{"type":"WEB","url":"https://jvn.jp/en/jp/JVN65044642/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UQI2PYM3R4FWEOVHIFT7KUPTILG2DFMZ/"}],"affected":[{"package":{"name":"struts","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/struts?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.10-8.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0244.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}