{
  "threat_severity" : "Important",
  "public_date" : "2016-06-07T00:00:00Z",
  "bugzilla" : {
    "description" : "struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory",
    "id" : "1343538",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "draft"
  },
  "details" : [ "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899." ],
  "statement" : "This issue affects the version of struts shipped with Red Hat Enterprise Linux 5, which is currently in Extended Life Phase. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification https://access.redhat.com/security/updates/classification/ and the Red Hat Enterprise Linux Life Cycle https://access.redhat.com/support/policy/updates/errata/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "struts",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Not affected",
    "package_name" : "struts",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat Satellite 5",
    "fix_state" : "Will not fix",
    "package_name" : "struts",
    "cpe" : "cpe:/a:redhat:network_satellite:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-1181\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1181\nhttps://jvn.jp/en/jp/JVN03188560/" ],
  "name" : "CVE-2016-1181",
  "csaw" : false
}