Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1007 to the following vulnerability: Name: CVE-2012-1007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007 Assigned: 20120206 Reference: http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt Reference: http://secpod.org/blog/?p=450 Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
Statement: Not Vulnerable. This issue only affects the struts-cookbook and struts-examples packages, which are not shipped by Red Hat. It does not affect the struts component as shipped with various Red Hat products.