ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-3025 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. |
![]() |
GHSA-7jw3-5q4w-89qg | Improper Input Validation in Apache Struts |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2024-08-05T22:48:13.522Z
Reserved: 2015-12-26T00:00:00
Link: CVE-2016-1181

No data.

Status : Deferred
Published: 2016-07-04T22:59:01.617
Modified: 2025-04-12T10:46:40.837
Link: CVE-2016-1181


No data.