26 matches found

BDU FSTEC
added 2022/09/26 12:0 a.m. | 2 views

The vulnerability of the ParameterInterceptor component in the Apache Struts software framework allows a hacker to write any files into the system.

The vulnerability of the ParameterInterceptor component in the Apache Struts software framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the system...

7.2 CVSS | 7.8 AI score | 0.73632 EPSS
Exploits: 1 | References: 6 | Affected Software: 2
OSV
added 2022/05/04 12:29 a.m. | 20 views

GHSA-HXQQ-W4MR-MC62 Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4 CVSS | 9.1 AI score | 0.73632 EPSS
Exploits: 1 | References: 10
Github Security Blog
added 2022/05/04 12:29 a.m. | 22 views

Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4 CVSS | 6.9 AI score | 0.73632 EPSS
Exploits: 1 | References: 10 | Affected Software: 2
Github Security Blog
added 2022/04/22 12:24 a.m. | 28 views

Struts ParameterInterceptor vulnerability allows remote command execution

Regular expression in ParametersInterceptor matches top['foo'](0) as a valid expression, which OGNL treats as (top['foo'])(0) and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...

9.8 CVSS | 9.2 AI score | 0.91054 EPSS
Exploits: 16 | References: 8 | Affected Software: 1
NVD
added 2019/11/01 2:15 p.m. | 19 views

CVE-2011-3923

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands...

9.8 CVSS | 9.8 AI score | 0.91054 EPSS
Exploits: 16 | References: 7
Prion
added 2019/11/01 2:15 p.m. | 18 views

Design/Logic Flaw

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands...

7.5 CVSS | 7.7 AI score | 0.91054 EPSS
Exploits: 16 | References: 7 | Affected Software: 2
Cvelist
added 2019/11/01 1:57 p.m. | 37 views

CVE-2011-3923

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands...

9.7 AI score | 0.91054 EPSS
Exploits: 16 | References: 7
Tenable Nessus
added 2019/09/13 12:0 a.m. | 58 views

Apache Struts 2.x < 2.3.14.3 Remote Code Execution Vulnerability (S2-012)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability in the ParameterInterceptor class due to improper handling of user-supplied input data. An unauthenticated, remote attacker could exploit this...

9.3 CVSS | 8.6 AI score | 0.91789 EPSS
Exploits: 1 | References: 2
IBM Security Bulletins
added 2018/06/18 12:8 a.m. | 40 views

Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840-AE1 uses the Apache Struts library. Struts is used only by the Service Assist GUI. CVE-2014-0112 Apache Struts...

7.5 CVSS | 0.9 AI score | 0.93134 EPSS
Exploits: 15 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

XWork 2.0.x 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32101/info XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the...

7.1 AI score
Exploits: 0
seebug.org
added 2013/05/30 12:0 a.m. | 38 views

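Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

Bugtraq ID: 60082 The Apache Struts framework is an open-source project providing a web application framework based on Java Servlets, JavaBeans, and JavaServer Pages (JSP). An error in the Apache Struts "ParameterInterceptor" class allows remote attackers to modify server-side objects, for example to execute arbitrary commands through specially crafted OGNL expressions. 0 Apache Struts 2.x Vendor solution: Apache Struts 2.3.14.1 has fixed this vulnerability; users are advised to download the update: http://struts.apache.org/...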

7.1 AI score
Exploits: 0
Dsquare
added 2012/04/07 12:0 a.m. | 51 views

Apache-Struts ParameterInterceptor < 2.3.1.2 RCE Linux

Apache-Struts2 / OpenSymphony-Xwork RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5 CVSS | 0.8 AI score | 0.91054 EPSS
Exploits: 16 | References: 3
Dsquare
added 2012/04/07 12:0 a.m. | 44 views

Apache-Struts ParameterInterceptor < 2.3.1.2 RCE Windows

Apache-Struts2 / OpenSymphony-Xwork RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5 CVSS | 0.8 AI score | 0.91054 EPSS
Exploits: 16 | References: 3
Tenable Nessus
added 2012/02/06 12:0 a.m. | 111 views

Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

The remote web application appears to use Apache Struts 2, a web framework that uses XWork. Due to a flaw in the ParameterInterceptor class, user input is not properly sanitized, which allows a remote attacker to run arbitrary Java code on the remote host by sending a specially crafted HTTP...

9.8 CVSS | 8.7 AI score | 0.91054 EPSS
Exploits: 16 | References: 3
NVD
added 2012/01/08 3:55 p.m. | 17 views

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4 CVSS | 9.3 AI score | 0.73632 EPSS
Exploits: 1 | References: 6
Prion
added 2012/01/08 3:55 p.m. | 15 views

Design/Logic Flaw

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4 CVSS | 7 AI score | 0.73632 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
UbuntuCve
added 2012/01/08 3:55 p.m. | 26 views

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4 CVSS | 7.3 AI score | 0.73632 EPSS
Exploits: 1 | References: 3
Cvelist
added 2012/01/08 3:0 p.m. | 22 views

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

9 AI score | 0.73632 EPSS
Exploits: 1 | References: 6
CVE
added 2012/01/08 3:0 p.m. | 72 views

CVE-2012-0393

CVE-2012-0393 concerns Apache Struts 2.x. The vulnerability lies in the ParameterInterceptor component not preventing access to public constructors, allowing a remote attacker to cause the creation of Java objects and thus “trigger” the creation or overwrite of arbitrary files via a crafted param...

6.4 CVSS | 8.8 AI score | 0.73632 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
seebug.org
added 2012/01/05 12:0 a.m. | 20 views

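Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities

Bugtraq ID: 51257 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains security vulnerabilities that allow attackers to execute arbitrary commands or overwrite arbitrary files. - Apache Struts has an input filtering error that can be exploited to inject and execute arbitrary Java code when a conversion error occurs. - When processing cookie names, the CookieInterceptor class does not properly restrict access to certain static methods, which can be exploited to execute arbitrary commands. - Some unspecified input is not properly filtered by ParameterInterceptor before being used to create files, which can be exploited to create or overwrite arbitrary files via directory traversal attacks. 0 Apache Stru...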

6.9 AI score
Exploits: 0