The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{…} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

No source data

VendorProductVersionCPE
apachestruts*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	struts	*	cpe:2.3:a:apache:struts::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31805

cwiki.apache.org/confluence/display/WW/S2-062

githubexploit 8

nessus 5

saint 2

atlassian 2

prion 2

cve 2

github 3

ibm 14

osv 4

jvn 1

ubuntucve 2

openvas 4

checkpoint_advisories 1

cisa 1

qualysblog 2

cisa_kev 1

nuclei 2

veracode 2

redhatcve 2

metasploit 1

attackerkb 2

packetstorm 1

zdt 1

f5 1

rapid7blog 1

oracle 6

githubexploit

Exploit for Expression Language Injection in Apache Struts

2020-12-09 09:53:08

Exploit for Expression Language Injection in Apache Struts

2020-12-08 11:10:46

Exploit for Expression Language Injection in Apache Struts

2021-01-24 07:51:31

nessus

Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)

2021-07-06 00:00:00

Apache Struts 2.x < 2.5.26 RCE (S2-061)

2020-12-09 00:00:00

F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)

2023-11-03 00:00:00

saint

Apache Struts forced OGNL evaluation incomplete fix

2022-04-26 00:00:00

Apache Struts forced OGNL evaluation incomplete fix

2022-04-26 00:00:00

atlassian

Update Apache Struts 2 to avoid CVE-2020-17530

2021-02-22 11:35:48

Update Apache Struts 2 to avoid CVE-2020-17530

2021-02-22 11:35:48

prion

Remote code execution

2020-12-11 02:15:00

Remote code execution

2022-04-12 16:15:00

cve

CVE-2020-17530

2020-12-11 02:15:00

CVE-2021-31805

2022-04-12 16:15:00

github

Remote code execution in Apache Struts

2022-02-09 22:51:56

Expression Language Injection in Apache Struts

2022-04-13 00:00:30

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

ibm

Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

2022-06-09 08:00:32

Security Bulletin: Vulnerability in Apache Struts framework affects IBM Spectrum Symphony

2021-03-19 09:21:51

2022-06-09 08:03:35

osv

Remote code execution in Apache Struts

2022-02-09 22:51:56

CVE-2020-17530

2020-12-11 02:15:10

Expression Language Injection in Apache Struts

2022-04-13 00:00:30

jvn

JVN#43969166: Apache Struts 2 vulnerable to remote code execution (S2-061)

2020-12-11 00:00:00

ubuntucve

CVE-2020-17530

2020-12-11 00:00:00

CVE-2021-31805

2022-04-12 00:00:00

openvas

Apache Struts Security Update (S2-061) - Active Check

2021-04-22 00:00:00

Apache Struts Security Update (S2-061) - Version Check

2020-12-14 00:00:00

Apache Struts Security Update (S2-062) - Active Check

2022-05-04 00:00:00

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2020-17530)

2020-12-21 00:00:00

cisa

Apache Releases Security Update for Apache Struts 2

2020-12-08 00:00:00

qualysblog

Apache Struts 2 Double OGNL Evaluation Vulnerability (CVE-2020-17530)

2021-09-21 14:40:00

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

nuclei

Apache Struts 2.0.0-2.5.25 - Remote Code Execution

2021-01-27 18:47:58

Apache Struts2 S2-062 - Remote Code Execution

2022-04-18 11:08:19

veracode

Remote Code Execution

2020-12-09 05:42:42

Remote Code Execution (RCE)

2022-04-13 04:46:59

redhatcve

CVE-2020-17530

2020-12-08 19:34:44

CVE-2021-31805

2022-04-13 06:28:32

metasploit

Apache Struts 2 Forced Multi OGNL Evaluation

2020-12-16 00:17:35

attackerkb

CVE-2021-31805

2022-04-12 00:00:00

CVE-2020-17530

2020-12-11 00:00:00

packetstorm

Apache Struts 2 Forced Multi OGNL Evaluation

2020-12-24 00:00:00

zdt

Apache Struts 2 Forced Multi OGNL Evaluation Exploit

2020-12-24 00:00:00

Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

2020-12-22 01:45:00

rapid7blog

Metasploit Wrap-Up

2021-01-08 19:54:36

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for WEB_APPLICATION_SCANNING_113226