Lucene search

109 matches found

Saint
added 2017/09/08 12:0 a.m. | 819 views

Apache Struts REST plugin XStream deserialization vulnerability

Added: 09/08/2017 | CVE: CVE-2017-9805 | BID: 100609. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The REST plugi...

CVSS 6.8 | AI score 8.8 | EPSS 0.99461
Exploits 23
Saint
added 2017/09/08 12:0 a.m. | 624 views

Apache Struts REST plugin XStream deserialization vulnerability

Added: 09/08/2017 | CVE: CVE-2017-9805 | BID: 100609. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The REST plugi...

CVSS 8.1 | AI score 8.8 | EPSS 0.99461
Exploits 23
Broadcom
added 2017/09/08 12:0 a.m. | 10 views

BSA-2017-427

Security Advisory ID: BSA-2017-427 | Component: Apache Struts 2 | Revision: 2.0: Interim. The REST Plugin in Apache Struts2 is using a XStreamHandler with an instance of XStream for deserialization without any type filtering which could lead to Remote Code Execution when deserializing XML payloads. An...

CVSS 8.1 | AI score 9.1 | EPSS 0.99461
Exploits 23
Broadcom
added 2017/09/08 12:0 a.m. | 8 views

BSA-2017-429

Security Advisory ID: BSA-2017-429 | Component: Struts REST | Revision: 2.0: Interim. A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload. Affected Products...

CVSS 7.5 | AI score 6.6 | EPSS 0.07268
Exploits 0
pentestit
added 2017/09/07 5:33 a.m. | 2275 views

S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)

PenTestIT RSS Feed There is a saying making rounds now that "Apache Struts is like the WebGoat of all frameworks" and the current exploit which is being tracked under CVE-2017-9805 and the Apache Struts bulletin - S2-052 proves just that. If you remember, I had covered another vulnerability a...

CVSS 7.5 | AI score 9.7 | EPSS 0.99461
Exploits 42
myhack58
added 2017/09/07 12:0 a.m. | 29 views

Struts2 S2-052 (CVE-2017-9805) remote code execution vulnerability research - vulnerability warning - the black bar safety net

The Struts2 S2-052 remote code execution vulnerability differs from previous Struts2 vulnerabilities: S2-052 exploits a Java deserialization flaw rather than the notorious OGNL. The trigger point of the flaw is the REST plug-in parsing the XML in the request, ca...

AI score 0.9 | EPSS 0.99461
Exploits 23
0day.today
added 2017/09/07 12:0 a.m. | 172 views

Apache Struts 2.5 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...

CVSS 6.8 | AI score 8.1 | EPSS 0.99461
Exploits 23
0day.today
added 2017/09/07 12:0 a.m. | 1184 views

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution Exploit

Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache...

CVSS 6.8 | AI score 1 | EPSS 0.99461
Exploits 23
Exploit DB
added 2017/09/06 12:0 a.m. | 581 views

Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution

Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...

CVSS 8.1 | AI score 8.4 | EPSS 0.99461
Exploits 23
CNVD
added 2017/09/06 12:0 a.m. | 5 views

Apache Struts2 REST plugin remote code execution vulnerability

Struts2 is an open source web application framework based on the MVC design pattern, maintained by the Apache Software Foundation. The Apache Struts2 REST plugin has a remote code execution vulnerability, due to the use of the XStream component on the XML format of the packe...

CVSS 8.1 | AI score 8.5 | EPSS 0.99461
Exploits 23 | References 1
myhack58
added 2017/09/06 12:0 a.m. | 81 views

Apache Struts2–052 vulnerability research alert - vulnerability warning - the black bar safety net

The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type of filtering and this can lead to Remote Code Execution when deserializing XML payloads. - The Apache Struts civil peace Bulletin reference 1 2017 9 5 March, the Apache Struts announcement of...

AI score 0.4 | EPSS 0.99461
Exploits 23
CNVD
added 2017/09/06 12:0 a.m. | 5 views

Apache Struts REST Plugin Denial of Service Vulnerability

Apache Struts is an open source project maintained by the Apache Software Foundation (United States): an enterprise-class open source MVC framework for creating Java web applications. Apache Struts 2 is the next generation of Apache Struts products, is bas...

CVSS 7.5 | AI score 7.6 | EPSS 0.07268
Exploits 0 | References 1
Tenable Nessus
added 2017/09/06 12:0 a.m. | 643 views

Apache Struts 2 REST Plugin XStream XML Request Deserialization RCE

The remote web application appears to use the Apache Struts 2 web framework. A remote code execution vulnerability exists in the REST plugin, which uses XStreamHandler to insecurely deserialize user-supplied input in XML requests. An unauthenticated, remote attacker can exploit this, via a...

CVSS 8.1 | AI score 8.3 | EPSS 0.99461
Exploits 23 | References 7
CERT
added 2017/09/06 12:0 a.m. | 884 views

Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data

Overview Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Description CWE-502: Deserialization of...

CVSS 8.1 | AI score 8.5 | EPSS 0.99461
Exploits 23 | References 4
Veracode
added 2017/09/05 11:7 p.m. | 37 views

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service (DoS) attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...

CVSS 7.5 | AI score 8.1 | EPSS 0.99461
Exploits 23 | References 8 | Affected Software 1
Veracode
added 2017/09/05 8:51 p.m. | 8 views

Remote Code Execution (RCE)

struts2-rest-plugin is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as XStream objects are being deserialized without any type filtering...

CVSS 8.1 | AI score 7.8 | EPSS 0.99461
Exploits 23 | References 15 | Affected Software 1
RedhatCVE
added 2017/09/05 2:19 p.m. | 52 views

CVE-2017-9805

The REST Plugin in Apache Struts2 is using a XStreamHandler with an instance of XStream for deserialization without any type filtering which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks...

CVSS 8.1 | AI score 4.2 | EPSS 0.99461
Exploits 23 | References 2
ThreatPost
added 2017/09/05 2:10 p.m. | 76 views

Patch Released for Critical Apache Struts Bug

The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008. All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache...

CVSS 10 | AI score 9.9 | EPSS 0.99999
Exploits 66 | References 9
RedhatCVE
added 2017/09/05 1:48 p.m. | 31 views

CVE-2017-9793

A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload...

CVSS 7.5 | AI score 3.3 | EPSS 0.07268
Exploits 0 | References 2
Positive Technologies
added 2017/09/05 12:0 a.m. | 7 views

PT-2017-2795

Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.1.1 through 2.3.x before 2.3.34; Apache Struts versions 2.5.x before 2.5.13. Description: The issue is related to the REST Plugin in Apache Struts, which uses an XStreamHandler with an instance of XStream for...

CVSS 9.8 | AI score 8.9 | EPSS 0.99461
Exploits 47 | References 98