3 matches found
VulnCheck KEV: CVE-2013-2134
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
Apache Struts 2.x < 2.3.14.3 Remote Code Execution Vulnerability (S2-012)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability in the ParameterInterceptor class due to improper handling of user-supplied input data. An unauthenticated, remote attacker could exploit this...
Apache Struts - OGNL Expression Injection
Apache Struts - OGNL Expression Injection source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of...