Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Dsquare SecurityE-666

HistoryOct 20, 2018 - 12:00 a.m.

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

2018-10-2000:00:00

Dsquare Security

403

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

JSON

Remote command execution vulnerability in Apache Struts 2 multiple tags result namespace handling

Vulnerability Type: Remote Command Execution

For the exploit source code contact DSquare Security sales team.

akamaiblog 1

threatpost 20

prion 1

ibm 8

veracode 1

openvas 3

zdt 4

nessus 7

packetstorm 3

exploitpack 1

redhatcve 1

attackerkb 3

trendmicroblog 1

krebs 1

cve 1

impervablog 2

cisa_kev 1

qualysblog 3

talosblog 1

osv 2

metasploit 1

kitploit 5

cisco 1

nuclei 1

myhack58 3

checkpoint_advisories 1

ubuntucve 1

f5 1

github 2

exploitdb 2

githubexploit 3

thn 3

rapid7blog 1

fireeye 1

oracle 3

akamaiblog

Web Application and API Protection -- From SQL Injection to Magecart

2020-09-09 13:00:00

threatpost

On xDedic, a Flash Zero Day, Facial Recognition, and More

2016-06-17 11:15:12

Amazon Web Services Combing Third Parties for Credentials

2014-04-02 15:01:53

DYN Confirms DDoS Attack Knocking Out Twitter, Spotify Other Major Sites

2016-10-21 10:01:14

prion

Remote code execution

2018-08-22 13:29:00

ibm

Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability

2018-09-28 04:30:01

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

2018-11-12 12:55:02

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840

2019-02-18 15:05:01

veracode

Remote Code Execution (RCE)

2018-08-22 17:36:38

openvas

Apache Struts Security Update (S2-057) - Version Check

2018-08-23 00:00:00

Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)

2020-06-05 00:00:00

Apache Struts Security Update (S2-057) - Active Check

2018-08-27 00:00:00

zdt

Apache Struts 2.x Remote Code Execution Vulnerability

2018-08-24 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Exploit

2018-08-28 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Exploit

2018-08-28 00:00:00

nessus

Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)

2018-08-22 00:00:00

Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)

2018-08-23 00:00:00

Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)

2018-09-05 00:00:00

packetstorm

Apache Struts 2 Namespace Redirect OGNL Injection

2018-09-07 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-26 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-25 00:00:00

exploitpack

Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

redhatcve

CVE-2018-11776

2018-08-22 08:49:33

attackerkb

CVE-2018-11776

2018-08-22 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

CVE-2022-26134

2022-07-13 00:00:00

trendmicroblog

Server Security for the Modern IT Ecosystem

2019-01-03 15:30:46

krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

2018-08-23 20:22:35

cve

CVE-2018-11776

2018-08-22 13:29:00

impervablog

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

2018-08-23 14:25:36

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

2018-09-26 16:18:36

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

qualysblog

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

2018-08-27 18:32:33

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

talosblog

Connecting the dots between recently active cryptominers

2018-12-18 08:33:00

osv

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

CVE-2018-11776

2018-08-22 13:29:00

metasploit

Apache Struts 2 Namespace Redirect OGNL Injection

2018-08-31 18:48:22

kitploit

Mitaka - A Browser Extension For OSINT Search

2019-09-21 12:00:00

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

cisco

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

2018-08-23 20:00:00

nuclei

Apache Struts2 S2-057 - Remote Code Execution

2021-02-24 04:29:30

myhack58

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

Apache Struts OGNL injection vulnerability principle with an example-vulnerability warning-the black bar safety net

2019-03-30 00:00:00

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2018-11776)

2018-08-23 00:00:00

ubuntucve

CVE-2018-11776

2018-08-22 00:00:00

K60499474 : Apache Struts vulnerability CVE-2018-11776

2018-08-24 00:00:00

github

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

exploitdb

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

2018-09-10 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

githubexploit

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

thn

Cisco Issues Security Patch Updates for 32 Flaws in its Products

2018-09-06 08:45:00

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

rapid7blog

Active Exploitation of Confluence CVE-2022-26134

2022-06-02 23:27:15

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

JSON

Related for E-666