42 matches found
Apache Struts ClassLoader Manipulation Remote Code Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 1.x (<= 1.3.10) and 2.x (< 2.3.16.2). In...
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2014-0112
Summary (facts from sources): CVE-2014-0112 affects Apache Struts 2.x where the ParametersInterceptor does not properly restrict access to the getClass method, enabling remote attackers to manipulate the ClassLoader and execute arbitrary code via a crafted request. The F5 advisories confirm the v...
Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)
A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by ParametersInterceptor allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a class parameter in a request...
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...
CVE-2014-0094
CVE-2014-0094 affects Apache Struts where the ParametersInterceptor before 2.3.16.2 allows a crafted request to pass a class parameter to getClass(), enabling ClassLoader manipulation and remote code execution in vulnerable deployments. Public references note exploitation in versions prior to 2.3...
Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)
A command execution vulnerability has been reported in Apache Struts 2...
Apache Struts 2 ParametersInterceptor OGNL Command Injection
Added: 03/26/2012. CVE: CVE-2011-3923. BID: 51628. OSVDB: 78109. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem...
VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability
a. Vulnerability in third party Apache Struts component. VMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts, which is a third party component. The following vulnerability has been...
Apache Struts2 ParametersInterceptor Remote Command Execution (CVE-2010-1870)
Apache Struts2 is a free framework for building Java web-based applications. A command execution vulnerability has been reported in the web application framework Apache Struts2. The vulnerability is due to insufficient input validation in the ParametersInterceptor component when parsing incoming...
Struts2/XWork < 2.2.0 remote execution of arbitrary code vulnerability analysis and patch-vulnerability warning-the black bar safety net
Neeao's Blog http://neeao.com/ : 1. On July 14 the exploit-db website published a Struts2 remote arbitrary code execution vulnerability; the hazard is large and it can be described as a sure shot straight to root, as long as the system uses the Struts2 and webwork framework for the...
Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability
Exploit for multiple platforms in category remote exploits ============================================================ Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability ============================================================ Apache Struts team has announced uploaded but has not...
Design/Logic Flaw
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...