
35 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4176

Malicious code in bioql PyPI...

CVSS 5.8, AI score 7.8, EPSS 0.02831
Exploits 0, References 9

F5 Networks
added 2023/02/21 7:59 p.m., 42 views

K15262: Apache Struts vulnerability CVE-2014-0113

Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...

CVSS 7.5, AI score 8.2, EPSS 0.82224
Exploits 7

F5 Networks
added 2023/02/21 7:57 p.m., 29 views

K13434228: Apache Struts vulnerability CVE-2012-0392

Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8, AI score 9.5, EPSS 0.90286
Exploits 1

SUSE CVE
added 2023/02/15 5:32 a.m., 4 views

SUSE CVE-2014-0113

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

CVSS 7.5, AI score 7.9, EPSS 0.82224
Exploits 7, References 3

GitHub Security Blog
added 2022/05/14 12:54 a.m., 36 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

CVSS 7.5, AI score 8.8, EPSS 0.82224
Exploits 7, References 4, Affected Software 1

OSV
added 2022/05/14 12:54 a.m., 40 views

GHSA-3C5C-XRQ4-QHR8 ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...

CVSS 7.5, AI score 7.6, EPSS 0.82224
Exploits 7, References 4

OSV
added 2022/05/14 12:54 a.m., 34 views

GHSA-HMHQ-382Q-MP56 ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 6.7, EPSS 0.02831
Exploits 0, References 5

GitHub Security Blog
added 2022/05/14 12:54 a.m., 37 views

ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 8.7, EPSS 0.02831
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/04 12:29 a.m., 20 views

GHSA-2PPP-XJ34-VVF7 Apache Struts's CookieInterceptor component does not use the parameter-name whitelist

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8, AI score 9.7, EPSS 0.90286
Exploits 1, References 10

GitHub Security Blog
added 2022/05/04 12:29 a.m., 23 views

Apache Struts's CookieInterceptor component does not use the parameter-name whitelist

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8, AI score 8.5, EPSS 0.90286
Exploits 1, References 10, Affected Software 2

OpenVAS
added 2019/08/28 12:0 a.m., 58 views

Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux

ClassLoader Manipulation in Apache Struts allows remote attackers to execute arbitrary Java code. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...

CVSS 7.5, AI score 8.3, EPSS 0.91467
Exploits 7, References 3

Tenable Nessus
added 2018/09/12 12:0 a.m., 56 views

Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.20. It, therefore, is affected by multiple class loader vulnerabilities: - A class loader vulnerability exists in ParametersInterceptor due to improper access restriction to the getClass method. A remote, unauthenticat...

CVSS 7.5, AI score 8, EPSS 0.91467
Exploits 7, References 3

seebug.org
added 2014/07/01 12:0 a.m., 33 views

Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20120104-0 ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable...

AI score 7.1
Exploits 0

Veracode
added 2014/06/06 6:13 p.m., 41 views

Class Loader Manipulation With CookieInterceptor

Struts 2 Core is vulnerable to class loader manipulation vulnerability. The vulnerability exists because the getClass method does not properly restrict access to cookies as it accepts all cookie names when "*" is used to configure cookiesName parameter which allows remote attackers to manipulate...

CVSS 7.5, AI score 8.8, EPSS 0.93134
Exploits 7, References 10, Affected Software 2

Tenable Nessus
added 2014/05/09 12:0 a.m., 52 views

Apache Struts 2 CookieInterceptor Unspecified Security Bypass (S2-022)

The remote web application appears to use Struts 2, a Java based web application framework. The version of Struts 2 in use is affected by a security bypass vulnerability due to a flaw with CookieInterceptor. A remote, unauthenticated attacker can exploit this issue to manipulate the ClassLoader a...

CVSS 5.8, AI score 7.7, EPSS 0.02831
Exploits 0, References 2

NVD
added 2014/05/08 10:55 a.m., 22 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 9.3, EPSS 0.02831
Exploits 0, References 5

UbuntuCve
added 2014/05/08 10:55 a.m., 33 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 6.9, EPSS 0.02831
Exploits 0, References 3

Prion
added 2014/05/08 10:55 a.m., 25 views

Design/Logic Flaw

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 6.7, EPSS 0.82224
Exploits 7, References 5, Affected Software 1

CVE
added 2014/05/08 10:0 a.m., 106 views

CVE-2014-0116

Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...

CVSS 5.8, AI score 6.1, EPSS 0.02831
Exploits 0, References 5, Affected Software 1

securityvulns
added 2014/05/02 12:0 a.m., 48 views

[ANN] Struts 2.3.16.2 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.16.2 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

AI score 0.5
Exploits 0