Lucene search
K

240 matches found

Saint
Saint
added 2012/03/26 12:0 a.m.48 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.8CVSS9.7AI score0.88829EPSS
Exploits16
Saint
Saint
added 2012/03/26 12:0 a.m.48 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.7AI score0.88829EPSS
Exploits16
NVD
NVD
added 2012/03/02 10:55 p.m.18 views

CVE-2012-0838

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

10CVSS9.7AI score0.1388EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/03/02 10:55 p.m.31 views

CVE-2012-0838

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

10CVSS7.5AI score0.1388EPSS
Exploits0References2
Prion
Prion
added 2012/03/02 10:55 p.m.17 views

Design/Logic Flaw

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

10CVSS7.6AI score0.1388EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/03/02 10:0 p.m.25 views

CVE-2012-0838

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

9.6AI score0.1388EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/02/10 5:29 a.m.5 views

Apache Struts 2 vulnerable to an arbitrary Java method execution

Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...

10CVSS7.1AI score0.1388EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2012/02/07 4:9 a.m.24 views

CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

4.3CVSS7.3AI score0.58476EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/02/06 12:0 a.m.111 views

Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

The remote web application appears to use Apache Struts 2, a web framework that uses XWork. Due to a flaw in the ParameterInterceptor class, user input is not properly sanitized, which allows a remote attacker to run arbitrary Java code on the remote host by sending a specially crafted HTTP...

9.8CVSS8.7AI score0.88829EPSS
Exploits16References3
exploitpack
exploitpack
added 2011/12/07 12:0 a.m.12 views

Apache Struts 2.0.92.1.8 - Session Tampering Security Bypass

Apache Struts 2.0.92.1.8 - Session Tampering Security Bypass source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/05/21 12:0 a.m.58 views

Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure

Security Advisory: MVSA-11-007 http://www.ventuneac.net/security-advisories/MVSA-11-007 CVE: CVE-2011-2088 Vendors: Apache Software Foundation, OpenSymphony Products: Struts 2, XWork , WebWork Vulnerabilities: Java Class Path Information Disclosure Risk: Medium Attack Vector: From Remote...

5CVSS0.1AI score0.0614EPSS
Exploits0
NVD
NVD
added 2011/05/13 5:5 p.m.36 views

CVE-2011-1772

Multiple cross-site scripting XSS vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 an action name, 2 the action attribute of an s:submit element, or 3 t...

2.6CVSS8.3AI score0.33111EPSS
Exploits3References10
Cvelist
Cvelist
added 2011/05/13 5:0 p.m.26 views

CVE-2011-2087

Multiple cross-site scripting XSS vulnerabilities in component handlers in the javatemplates aka Java Templates plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...

5.7AI score0.06127EPSS
Exploits1References4
CVE
CVE
added 2011/05/13 5:0 p.m.94 views

CVE-2011-1772

CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...

2.6CVSS5.5AI score0.33111EPSS
Exploits3References10Affected Software1
CVE
CVE
added 2011/05/13 5:0 p.m.60 views

CVE-2011-2087

CVE-2011-2087 affects the javatemplates (Java Templates) plugin in Apache Struts 2.x prior to 2.2.3. The issue is multiple XSS vulnerabilities in eight component handlers (FileHandler.java, HiddenHandler.java, PasswordHandler.java, RadioHandler.java, ResetHandler.java, SelectHandler.java, SubmitH...

4.3CVSS5.8AI score0.06127EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2011/05/11 12:0 a.m.96 views

Apache Struts 2 Multiple Reflected XSS in XWork error pages

Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...

2.6CVSS0.1AI score0.33111EPSS
Exploits3
Packet Storm
Packet Storm
added 2011/05/11 12:0 a.m.51 views

Apache Struts 2 Cross Site Scripting

Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...

2.6CVSS0.2AI score0.33111EPSS
Exploits3
CVE
CVE
added 2010/08/17 5:31 p.m.202 views

CVE-2010-1870

The CVE-2010-1870 entry covers OGNL expression evaluation in XWork (Struts 2.0.0–2.1.8.1) with a permissive whitelist that allows remote modification of server-side context objects and bypass of the # protection via OGNL context variables (e.g., #context, #root, #this, etc.). Cisco advisory notes...

5CVSS9.1AI score0.91079EPSS
Exploits22References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/29 12:0 a.m.598 views

Apache Struts 2 s:a / s:url Tag href Element XSS

The web application on the remote host is affected by a cross-site scripting vulnerability due to a vulnerable version of Apache Struts 2 that fails to properly encode the parameters in the 's:a' and 's:url' tags. A remote attacker can exploit this by tricking a user into requesting a page with...

4.3CVSS6AI score0.05614EPSS
Exploits0References4
NVD
NVD
added 2009/03/23 2:19 p.m.25 views

CVE-2008-6505

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f encoded dot dot slash in a URI with a /struts/ path, related to 1 FilterDispatcher in 2.0.x and 2 DefaultStaticContentLoader in 2.1...

5CVSS6.8AI score0.72522EPSS
Exploits0References7
Rows per page
Query Builder