Common Vulnerabilities and Exposures assigned an identifier CVE-2006-1548 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

References:
http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
http://issues.apache.org/bugzilla/show_bug.cgi?id=38749
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://www.securityfocus.com/bid/17342
http://www.frsirt.com/english/advisories/2006/1205
http://securitytracker.com/id?1015856
http://secunia.com/advisories/19493
http://secunia.com/advisories/20117
http://xforce.iss.net/xforce/xfdb/25614

This was addressed via:
Red Hat Application Server 3AS (RHSA-2006:0281)
Red Hat Application Server v2 4AS (RHSA-2006:0281)