By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

View all Vulnerabilities

CVE-2012-1007

Cross-Site Scripting

Affects

Apache Struts

<=1.3.10

Struts

Patch Available

This Vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs

View NES Solution

Overview

Apache Struts is a popular open-source web application framework for developing Java EE web applications. It provides robust support for creating modern Java-based enterprise applications.

‍

A Cross-Site scripting (XSS) vulnerability (CVE-2012-1007) has been identified in Apache Struts, which allows attackers to access information and compromise accounts.

‍

Per OWASP: Cross-Site Scripting attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. An attacker can use XSS to send a malicious script to an unsuspecting user.

‍

This issue affects multiple versions before and including 1.3.10

‍

Details

Module Info

Product: Apache Struts 1
Affected packages: struts-cookbook, struts-examples
Affected versions: <=1.3.10
GitHub repository: https://github.com/apache/struts1
Package manager: Maven
Fixed in: NES for Struts Struts 1 v1.3.11

‍

Vulnerability Info

The example projects in Apache Struts 1.3.10 contain multiple cross-site scripting (XSS) vulnerabilities, allowing remote attackers to inject arbitrary web scripts or HTML via (1) the name parameter in struts-examples/upload/upload-submit.do, or the message parameter in (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. These issues stem from the configuration of the example projects and do not constitute a vulnerability in the officially published Struts 1 framework.

‍

Steps To Reproduce

Locate the Example Project

The struts-cookbook example project is found here.
This project has been updated with a fix—compare the filter setting on this line with the OSS example version line.

Set Up the Test Environment

Clone the nes-struts1-test-app project.
Update filter=false on the specified line.

Reproduce the Issue

Follow the steps in the README to build and run the project.
Navigate to struts-cookbook-1.3.10/prepareSimple.do.
In the Enter a message (you may use HTML tags): field, input the following:
html

<script>alert("SecPod-XSS-TEST")</script>

‍

Submit the form and observe that an alert appears, indicating the vulnerability.

Verify the Fix

Change the filter flag back to its original value.
Rebuild the project.
Repeat the test—this time, the input should be displayed as plain text, confirming that the fix is effective.

‍

Credit

Antu Sanadi - SecPod Technologies

Mitigation

Struts 1 is no longer community-supported. The community support version will not receive any updates to address this issue. For more information, see here.

‍

Users of the affected components should apply one of the following mitigations:

Evaluate proper use of filter flag and input sanitization in Struts 1 applications.
Leverage a commercial support partner like HeroDevs for post-EOL security support.

‍