19 matches found

vulnersOsv
added 2022/05/14 12:54 a.m. | 2 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +208 more potentially affected by CVE-2014-0112 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.1.2)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2014-0112 Source advisory: OSV:GHSA-PRJV-JJ26-WF8H...

CVSS 7.5 | AI score 6.9 | EPSS 0.91467
Exploits: 6
IBM Security Bulletins
added 2020/02/11 9:39 p.m. | 55 views

Security Bulletin: IBM Sterling Order Management, IBM Sterling Configure, Price, Quote and Sterling Web Channel are affected by Apache Struts 2 security vulnerabilities

Summary IBM Sterling Order Management, IBM Sterling Configure Price Quote and Sterling Web Channel use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Now a vulnerability related to Apache Commons FileUpload version included with Apache Struts 2...

CVSS 7.5 | AI score 8.8 | EPSS 0.93134
Exploits: 15 | Affected Software: 1
RedHat Linux
added 2019/04/30 3:18 p.m. | 77 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.3 security update

A minor version update from 7.2 to 7.3 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 9.8 | AI score 7.4 | EPSS 0.91467
Exploits: 14 | References: 6
IBM Security Bulletins
added 2018/06/18 1:25 a.m. | 43 views

Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)

Summary Several security vulnerabilities have been reported against Apache Struts 2 through May 2014. IBM Platform Symphony’s GUI uses Struts 2 as a framework for Java web applications. A version of the package that is vulnerable to these issues is included in several past versions of IBM Platfor...

CVSS 7.5 | AI score 0.8 | EPSS 0.93134
Exploits: 7 | Affected Software: 2
IBM Security Bulletins
added 2018/06/18 12:8 a.m. | 32 views

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840 model number -AC0, and –AC1 nodes use the Apache Struts library. Struts is used only by the Service Assist GUI...

CVSS 7.5 | AI score 1 | EPSS 0.93134
Exploits: 15 | Affected Software: 1
IBM Security Bulletins
added 2018/06/18 12:8 a.m. | 39 views

Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840-AE1 uses the Apache Struts library. Struts is used only by the Service Assist GUI. CVE-2014-0112 Apache Struts...

CVSS 7.5 | AI score 0.9 | EPSS 0.93134
Exploits: 15 | Affected Software: 1
0day.today
added 2017/03/23 12:0 a.m. | 190 views

Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution',...

CVSS 7.5 | EPSS 0.93134
Exploits: 8
Tenable Nessus
added 2015/05/14 12:0 a.m. | 66 views

Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)

The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...

CVSS 7.5 | AI score 7.4 | EPSS 0.92712
Exploits: 14 | References: 3
Tenable Nessus
added 2015/05/08 12:0 a.m. | 52 views

MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

CVSS 7.5 | AI score 7.7 | EPSS 0.93134
Exploits: 15 | References: 8
seebug.org
added 2014/07/01 12:0 a.m. | 59 views

Apache Struts ClassLoader Manipulation Remote Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...

AI score 7.1 | EPSS 0.93134
Exploits: 8
ThreatPost
added 2014/06/25 1:59 p.m. | 39 views

VMware Patches Apache Struts Flaws in vCOPS

VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. All of the vulnerabilities that the company patched lie in the Apache Struts Java application framework, and the...

CVSS 7.5 | AI score 4.3 | EPSS 0.93134
Exploits: 15 | References: 5
Huawei
added 2014/06/04 12:0 a.m. | 32 views

Security Advisory-Multiple Heap Overflow Vulnerabilities in Huawei Campus Series Switches

Some Huawei Campus series switches have three heap overflow vulnerabilities. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices...

CVSS 7.8 | AI score 7.5 | EPSS 0.00172
Exploits: 0 | Affected Software: 14
F5 Networks
added 2014/05/15 12:0 a.m. | 284 views

SOL15261 - Apache Struts vulnerability CVE-2014-0112

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 9.8 | AI score 1.9 | EPSS 0.94325
Exploits: 25 | References: 8
seebug.org
added 2014/05/04 12:0 a.m. | 30 views

Struts2 Remote Command Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...

AI score 7.1 | EPSS 0.93134
Exploits: 7
0day.today
added 2014/05/03 12:0 a.m. | 310 views

Apache Struts ClassLoader Manipulation Remote Code Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Mark Thomas', Vulnerabilit...

CVSS 7.5 | AI score 0.5 | EPSS 0.93134
Exploits: 7
Exploit DB
added 2014/05/02 12:0 a.m. | 83 views

Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...

AI score 7.4
Exploits: 0
UbuntuCve
added 2014/04/29 10:37 a.m. | 31 views

CVE-2014-0112

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS 7.5 | AI score 7.2 | EPSS 0.91467
Exploits: 6 | References: 6
Cvelist
added 2014/04/29 10:0 a.m. | 35 views

CVE-2014-0112

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...

AI score 8.2 | EPSS 0.91467
Exploits: 6 | References: 14
Circl
added 2014/03/06 12:0 a.m. | 17 views

CVE-2014-0112

creationtimestamp | type | source
---|---|---
2014-03-06 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41690
2014-05-02 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33142
2014-10-20 06:04:12+00:00 | seen | MISP/5444a4b6-a7b8-41f0-8f49-45c7950d210b
2018-05-29...

CVSS 7.5 | AI score 6.9 | EPSS 0.91467
Exploits: 6 | References: 3