[email protected]ATLASSIAN:CONFSERVER-60189

HistoryAug 18, 2020 - 1:48 p.m.

Struts 2 CVE-2019-0230 and CVE-2019-0233 impact on Confluence

2020-08-1813:48:36

[email protected]

jira.atlassian.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

h3. Issue Summary
Recently, Apache released the following report regarding two different vulnerabilities in Struts 2:

[|https://struts.apache.org/announce.html#a20200813]

Is Confluence affected by these CVEs?

h3. Steps to Reproduce
Not applicable.

h3. Expected Results
Not applicable

h3. Actual Results
Not applicable

h3. Workaround
Not applicable

CPENameOperatorVersion
confluence server and data centerle6.0

CPE	Name	Operator	Version
	confluence server and data center	le	6.0

nessus 2

f5 2

cisa 1

openvas 2

ibm 12

threatpost 1

osv 4

ubuntucve 2

cve 2

jvn 1

prion 2

redhatcve 2

veracode 2

github 2

githubexploit 5

huawei 1

saint 3

atlassian 2

nuclei 1

packetstorm 2

zdt 2

metasploit 1

attackerkb 2

exploitdb 1

rapid7blog 1

thn 1

kitploit 1

oracle 3

nessus

F5 Networks BIG-IP : Apache Struts vulnerabilities (K35226442)

2023-11-03 00:00:00

Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities

2020-08-14 00:00:00

K35226442 : Apache Struts vulnerabilities CVE-2019-0233 and CVE-2019-0230

2020-09-11 00:00:00

Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

2020-12-22 01:45:00

cisa

Apache Releases Security Advisory for Struts 2

2020-08-14 00:00:00

openvas

Apache Struts 2.x < 2.5.22 Multiple Vulnerabilities (S2-059, S2-060) - Linux

2020-08-17 00:00:00

Apache Struts Security Update (S2-059, S2-060)

2020-08-17 00:00:00

ibm

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

2021-04-13 13:33:14

Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2020-11-04 09:04:41

Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)

2020-09-23 04:29:58

threatpost

PoC Exploit Targeting Apache Struts Surfaces on GitHub

2020-08-14 21:20:01

osv

CVE-2019-0233

2020-09-14 17:15:09

Improper Preservation of Permissions in Apache Struts

2022-05-24 17:28:11

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2021-12-02 14:50:51

ubuntucve

CVE-2019-0233

2020-09-14 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

cve

CVE-2019-0233

2020-09-14 17:15:00

CVE-2019-0230

2020-09-14 17:15:00

jvn

JVN#50890770: Apache Struts 2 vulnerable to denial-of-service (DoS)

2020-08-25 00:00:00

prion

Design/Logic Flaw

2020-09-14 17:15:00

Remote code execution

2020-09-14 17:15:00

redhatcve

CVE-2019-0233

2020-08-18 19:29:38

CVE-2019-0230

2020-08-18 19:29:30

veracode

Denial Of Service (DoS)

2020-08-14 01:44:26

Remote Code Execution (RCE)

2020-08-14 01:35:22

github

Improper Preservation of Permissions in Apache Struts

2022-05-24 17:28:11

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2021-12-02 14:50:51

githubexploit

Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2020-08-13 13:31:52

Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2020-12-11 03:40:04

Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2020-10-22 17:55:10

huawei

Security Advisory - Remote Code Execution vulnerability in Apache Struts2

2020-09-02 00:00:00

saint

Apache Struts double OGNL evaluation

2020-11-27 00:00:00

Apache Struts double OGNL evaluation

2020-11-27 00:00:00

Apache Struts double OGNL evaluation

2020-11-27 00:00:00

atlassian

CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]

2020-09-14 01:58:06

CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]

2020-09-14 01:58:06

nuclei

Apache Struts <=2.5.20 - Remote Code Execution

2021-03-18 16:04:40

packetstorm

Apache Struts 2 Forced Multi OGNL Evaluation

2020-12-24 00:00:00

Apache Struts 2.5.20 Double OGNL Evaluation

2020-11-17 00:00:00

zdt

Apache Struts 2.5.20 - Double OGNL evaluation Exploit

2020-11-17 00:00:00

Apache Struts 2 Forced Multi OGNL Evaluation Exploit

2020-12-24 00:00:00

metasploit

Apache Struts 2 Forced Multi OGNL Evaluation

2020-12-16 00:17:35

attackerkb

CVE-2020-17530

2020-12-11 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

exploitdb

Apache Struts 2.5.20 - Double OGNL evaluation

2020-11-17 00:00:00

rapid7blog

Metasploit Wrap-Up

2021-01-08 19:54:36

thn

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for ATLASSIAN:CONFSERVER-60189

nessus2 f52 cisa1 openvas2 ibm12 threatpost1 osv4 ubuntucve2 cve2 jvn1 prion2 redhatcve2 veracode2 github2 githubexploit5 huawei1 saint3 atlassian2 nuclei1 packetstorm2 zdt2 metasploit1 attackerkb2 exploitdb1 rapid7blog1 thn1 kitploit1 oracle3