Lucene search

KitPloitKITPLOIT:4611207874033525364

HistoryAug 26, 2018 - 9:14 p.m.

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-2621:14:00

www.kitploit.com

1106

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Script contains the fusion of 3 RCE vulnerabilities on ApacheStruts, it also has the ability to create server shells.

SHELL phpfinished jsp process

CVE ADD CVE-2013-2251'action:', 'redirect:' and 'redirectAction' CVE-2017-5638Content-Type CVE-2018-11776 'redirect:' and 'redirectAction'

Download Apache-Struts-v3

References

github.com/s1kr10s/Apache-Struts-v3

myhack58

Apache Struts OGNL injection vulnerability principle with an example-vulnerability warning-the black bar safety net

2019-03-30 00:00:00

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

threatpost

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

2017-04-19 07:20:09

Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

2018-09-05 17:48:03

On xDedic, a Flash Zero Day, Facial Recognition, and More

2016-06-17 11:15:12

openvas

Apache Struts Security Update (S2-057) - Active Check

2018-08-27 00:00:00

Apache Archiva Multiple Remote Command Execution Vulnerabilities

2014-01-15 00:00:00

Apache Struts Security Update (S2-057) - Version Check

2018-08-23 00:00:00

thn

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

2018-09-20 13:54:00

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

2017-03-09 01:03:00

attackerkb

CVE-2019-0230

2020-09-14 00:00:00

CVE-2013-2251

2013-07-20 00:00:00

CVE-2018-11776

2018-08-22 00:00:00

packetstorm

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-25 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-25 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-26 00:00:00

seebug

Apache Struts2 多个前缀参数远程命令执行漏洞(CVE-2013-2251)

2013-07-17 00:00:00

S2-046: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-21 00:00:00

S2-045: Struts 2 Remote Code Execution vulnerability（CVE-2017-5638）

2017-03-06 00:00:00

github

Code injection in Apache Struts

2022-05-13 01:14:26

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

2018-10-18 19:24:26

jvn

JVN#33504150: Apache Struts vulnerable to remote command execution

2013-09-06 00:00:00

checkpoint_advisories

Apache Struts Remote Command Execution (CVE-2013-2251)

2013-07-25 00:00:00

Apache Struts Remote Code Execution (CVE-2018-11776)

2018-08-23 00:00:00

Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)

2015-05-18 00:00:00

DSquare Exploit Pack: D2SEC_STRUTS4

2013-07-20 03:37:00

nessus

Apache Struts 2 'action:' Parameter Arbitrary Remote Command Execution

2013-07-19 00:00:00

Selligent Message Studio Struts Code Execution (CVE-2013-2251)

2020-11-05 00:00:00

Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)

2018-08-22 00:00:00

osv

Code injection in Apache Struts

2022-05-13 01:14:26

CVE-2018-11776

2018-08-22 13:29:00

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

prion

Code injection

2013-07-20 03:37:00

Remote code execution

2018-08-22 13:29:00

Design/Logic Flaw

2017-03-11 02:59:00

securityvulns

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

2014-06-14 00:00:00

[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

2014-05-04 00:00:00

Struts2 Prefixed Parameters OGNL Injection Vulnerability

2013-09-09 00:00:00

saint

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

2013-08-01 00:00:00

dsquare

Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux

2013-10-20 00:00:00

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

2018-10-20 00:00:00

canvas

Immunity Canvas: STRUTS2_DEFAULT_ACTION_MAPPER

2013-07-20 03:37:00

Immunity Canvas: STRUTS_OGNL

2017-03-11 02:59:00

zdt

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

2013-07-26 00:00:00

Apache Struts 2.x Remote Code Execution Vulnerability

2018-08-24 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Exploit

2018-08-28 00:00:00

ubuntucve

CVE-2013-2251

2013-07-20 00:00:00

CVE-2018-11776

2018-08-22 00:00:00

CVE-2017-5638

2017-03-11 00:00:00

cisa_kev

Apache Struts Improper Input Validation Vulnerability

2022-03-25 00:00:00

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

nuclei

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

2020-10-13 22:06:01

Apache Struts2 S2-057 - Remote Code Execution

2021-02-24 04:29:30

Apache Struts 2 - Remote Command Execution

2020-08-19 13:13:31

veracode

Remote Code Execution (RCE)

2018-08-22 17:36:38

Remote Code Execution (RCE) Through Jakarta Multipart Parser

2017-03-09 12:39:55

ibm

Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability

2018-09-28 04:30:01

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900

2023-02-18 01:45:50

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center

2018-09-25 13:15:02

akamaiblog

Web Application and API Protection -- From SQL Injection to Magecart

2020-09-09 13:00:00

K60499474 : Apache Struts vulnerability CVE-2018-11776

2018-08-24 00:00:00

K14933 : Apache Struts vulnerability CVE-2013-2251

2014-05-16 00:00:00

K43451236 : Apache Struts 2 vulnerability CVE-2017-5638

2017-03-09 00:00:00

talosblog

Connecting the dots between recently active cryptominers

2018-12-18 08:33:00

qualysblog

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

2018-08-27 18:32:33

How To Prioritize Vulnerabilities in a Modern IT Environment

2018-05-07 16:00:10

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

2018-04-19 23:00:03

kitploit

Mitaka - A Browser Extension For OSINT Search

2019-09-21 12:00:00

struts-pwn - An exploit for Apache Struts CVE-2017-5638

2017-03-14 13:34:00

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

2017-03-17 14:22:00

metasploit

Apache Struts 2 Namespace Redirect OGNL Injection

2018-08-31 18:48:22

cisco

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

2018-08-23 20:00:00

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

2013-10-23 16:00:00

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products

2017-03-10 19:30:00

exploitpack

Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

Apache Struts2 2.0.0 2.3.15 - Prefixed Parameters OGNL Injection

2014-01-14 00:00:00

redhatcve

CVE-2018-11776

2018-08-22 08:49:33

CVE-2017-5638

2017-03-08 11:53:37

trendmicroblog

Server Security for the Modern IT Ecosystem

2019-01-03 15:30:46

Sound, Fury, And Nothing One Year After Equifax

2018-09-07 12:00:34

Linux is secure…right?

2017-06-15 19:00:13

impervablog

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

2018-08-23 14:25:36

Two New Trends Make Early Breach Detection and Prevention a Security Imperative

2022-08-31 13:47:34

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

2018-04-26 19:01:59

krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

2018-08-23 20:22:35

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

2017-09-14 18:03:12

cve

CVE-2018-11776

2018-08-22 13:29:00

CVE-2013-2251

2013-07-20 03:37:00

CVE-2017-5638

2017-03-11 02:59:00

hackerone

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-09 17:59:08

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

2017-03-13 13:22:29

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

2017-03-13 04:14:12

malwarebytes

Equifax breach: What you need to know [updated]

2017-09-08 07:02:47

atlassian

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:31:09

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

2017-03-10 04:57:51

lenovo

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-09 00:00:00

Apache Struts Open Source Framework Remote Code Execution - Lenovo Support US

2017-06-09 00:00:00

vmware

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

2017-03-13 00:00:00

rapid7community

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

2017-03-15 14:29:55

securelist

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

2023-12-14 13:00:40

cloudfoundry

CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry

2017-03-14 00:00:00

cert

Apache Struts 2 is vulnerable to remote code execution

2017-03-14 00:00:00

huawei

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2017-03-16 00:00:00

githubexploit

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

References

Related