Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

SUSE CVE
SUSE CVEadded 2023/02/15 5:49 a.m.3 views

SUSE CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

6.8CVSS8.3AI score0.96787EPSS
Exploits1References3
SUSE CVE
SUSE CVEadded 2023/02/15 5:32 a.m.2 views

SUSE CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS9.1AI score0.06745EPSS
Exploits0References3
BDU FSTEC
BDU FSTECadded 2022/10/20 12:0 a.m.3 views

The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.

The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially created HTTP cookie header...

7.3CVSS8.2AI score0.96787EPSS
Exploits1References10Affected Software2
VulnCheck KEV
VulnCheck KEVadded 2022/05/11 12:0 a.m.0 views

VulnCheck KEV: CVE-2014-0113

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

7.5CVSS7.2AI score0.78306EPSS
Exploits7References1
BDU FSTEC
BDU FSTECadded 2016/07/06 12:0 a.m.3 views

The vulnerability of the implementation of the getClass method in the CookieInterceptor class of the Apache Struts software framework allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control when processing the cookiesName parameter with the symbol “”. Exploiting this vulnerability can allow an attacker to gain access to, read, modify, or...

6.1CVSS6.9AI score0.99564EPSS
Exploits7References5Affected Software4
BDU FSTEC
BDU FSTECadded 2016/07/06 12:0 a.m.2 views

The vulnerability of the implementation of the getClass method in the CookieInterceptor class of the Apache Struts software framework allows a hacker to execute arbitrary code.

The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control when processing the cookiesName value with a placeholder. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending ...

7.5CVSS7.6AI score0.78306EPSS
Exploits7References5Affected Software3
Rows per page
Query Builder