Red Hat Bugzilla – Bug 187542
CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548)
Last modified: 2008-01-28 11:34:54 EST
Struts 1.2.9 has been released which fixes 3 security issues.
* CVE-2006-1546 Validation always skipped with Globals.CANCEL_KEY.
* CVE-2006-1547 DOS attack, application hack.
* CVE-2006-1548 XSS vulnerability in LookupDispatchAction.
This issue should also affect RHAPS1.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.