{ "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi", "issues" : [ { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-c899e9a0", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2012-1007: LanguageSpecificPackageVulnerability\u000a\u000astruts: multiple XSS flaws\u000a\u000aFor additional help see: **Vulnerability CVE-2012-1007**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.apache.struts:struts-core||[CVE-2012-1007](https://avd.aquasec.com/nvd/cve-2012-1007)|\u000a\u000aMultiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2012-1007\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2012-1007](https://avd.aquasec.com/nvd/cve-2012-1007)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1288", "severity" : "NORMAL", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2012-1007: : CVE-2012-1007: LanguageSpecificPackageVulnerability\u000a\u000astruts: multiple XSS flaws\u000a\u000aFor additional help see: **Vulnerability CVE-2012-1007**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|org.apache.struts:struts-core||[CVE-2012-1007](https://avd.aquasec.com/nvd/cve-2012-1007)|\u000a\u000aMultiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2012-1007\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2012-1007](https://avd.aquasec.com/nvd/cve-2012-1007)", "type" : "CVE-2012-1007" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-28b84752", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2015-0899: LanguageSpecificPackageVulnerability\u000a\u000a1: input validation bypass in MultiPageValidator\u000a\u000aFor additional help see: **Vulnerability CVE-2015-0899**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2015-0899](https://avd.aquasec.com/nvd/cve-2015-0899)|\u000a\u000aThe MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2015-0899\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2015-0899](https://avd.aquasec.com/nvd/cve-2015-0899)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1288", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2015-0899: : CVE-2015-0899: LanguageSpecificPackageVulnerability\u000a\u000a1: input validation bypass in MultiPageValidator\u000a\u000aFor additional help see: **Vulnerability CVE-2015-0899**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2015-0899](https://avd.aquasec.com/nvd/cve-2015-0899)|\u000a\u000aThe MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2015-0899\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2015-0899](https://avd.aquasec.com/nvd/cve-2015-0899)", "type" : "CVE-2015-0899" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-e21260e2", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2016-1181: LanguageSpecificPackageVulnerability\u000a\u000astruts: Vulnerability in ActionForm allows unintended remote operations against components on server memory\u000a\u000aFor additional help see: **Vulnerability CVE-2016-1181**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2016-1181](https://avd.aquasec.com/nvd/cve-2016-1181)|\u000a\u000aActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2016-1181\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2016-1181](https://avd.aquasec.com/nvd/cve-2016-1181)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1288", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2016-1181: : CVE-2016-1181: LanguageSpecificPackageVulnerability\u000a\u000astruts: Vulnerability in ActionForm allows unintended remote operations against components on server memory\u000a\u000aFor additional help see: **Vulnerability CVE-2016-1181**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2016-1181](https://avd.aquasec.com/nvd/cve-2016-1181)|\u000a\u000aActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2016-1181\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2016-1181](https://avd.aquasec.com/nvd/cve-2016-1181)", "type" : "CVE-2016-1181" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-e22ef9d3", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2016-1182: LanguageSpecificPackageVulnerability\u000a\u000astruts: Improper input validation in Validator\u000a\u000aFor additional help see: **Vulnerability CVE-2016-1182**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2016-1182](https://avd.aquasec.com/nvd/cve-2016-1182)|\u000a\u000aActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2016-1182\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2016-1182](https://avd.aquasec.com/nvd/cve-2016-1182)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1288", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2016-1182: : CVE-2016-1182: LanguageSpecificPackageVulnerability\u000a\u000astruts: Improper input validation in Validator\u000a\u000aFor additional help see: **Vulnerability CVE-2016-1182**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2016-1182](https://avd.aquasec.com/nvd/cve-2016-1182)|\u000a\u000aActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2016-1182\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2016-1182](https://avd.aquasec.com/nvd/cve-2016-1182)", "type" : "CVE-2016-1182" } ], "size" : 4, "toString" : "4 warnings (high: 3, normal: 1)" }