Apache Struts DoS Vulnerability (S2-051) - Linux
Apache Struts is prone to a Denial of Service (DoS) vulnerability in the Struts REST plugin. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...
Apache Struts Security Update (S2-021, S2-022, S2-023, S2-025)
Apache Struts is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Apache Struts Security Update (S2-051, S2-052) - Version Check
Apache Struts is prone to multiple vulnerabilities.
Apache Struts Security Update (S2-020) - Version Check
Apache Struts is prone to multiple vulnerabilities.
Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux
ClassLoader Manipulation in Apache Struts allows remote attackers to execute arbitrary Java code. This VT has been deprecated and merged into the VT...
Exploit for Out-of-bounds Read in Openssl
This repository contains a collection of exploits and tools for various vulnerabilities, including CVE-2014-0160 (Heartbleed), CVE-2014-6271 (Shellshock), CVE-2017-5638 (Apache Struts 2), and others. The repository includes Python scripts for exploiting these vulnerabilities, as well as documentation a...
Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
Researchers have pinpointed errors in two dozen Apache Struts security advisories, which warn users of vulnerabilities in the popular open-source web app development framework. They say that the security advisories listed incorrect versions impacted by the vulnerabilities. The concern from this...
The vulnerability of the JSON-lib library used in REST plugins of the Apache Struts software framework allows attackers to induce a service failure.
The vulnerability of the JSON-Lib library used in Apache Struts’ REST framework programming platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
struts2: ClassLoader manipulation via request parameters
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...
Zeebsploit - Web Scanner / Exploitation / Information Gathering
zeebsploit is a tool for hacking, searching for web information and scanning vulnerabilities of a web. Installation & Usage: apt-get install git; git clone https://github.com/jaxBCD/Zeebsploit.git; cd Zeebsploit; chmod +x install; ./install; python3 zeebsploit.py; type 'help' for show modules and follow...
Apache Struts OGNL injection vulnerability principle with an example - vulnerability warning - the black bar safety net
In this article, we mainly learn how OGNL injection is achieved in Apache Struts. Our examples are based on two critical Struts vulnerabilities: CVE-2017-5638 (the Equifax information disclosure) and CVE-2018-11776. Apache Struts is a free open source framework for creating modern...
Cross-Site Scripting (XSS)
Apache Struts is vulnerable to cross-site scripting (XSS). Improper validation of user-supplied input allows a remote attacker to inject JavaScript into a victim's browser through pages xipclient.html and xipserver.html...
Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)
Summary There is a potential vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit...
Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI
Summary Vulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute...
Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840
Summary There is a vulnerability in Apache Struts to which the IBM FlashSystem™ V840 is susceptible. An exploit of that vulnerability (CVE-2018-11776) could make the system susceptible to attacks which could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID:...
Apache Struts Config Browser Plugin Detection
Binary data strutsconfigbrowserdetect.nbin...
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
An insecure deserialization vulnerability exists in Apache Struts 2. This vulnerability is due to Apache Struts 2 having a dependency on a vulnerable version of Commons FileUpload. Successful exploitation can result in arbitrary file upload within the security context of the target application...
Apache Struts 2 Config Browser Detected
Apache Struts 2 Config Browser Plugin is a module to help view Struts application's configuration at runtime. This plugin has been detected on the web application by the scanner. It may be possible for an attacker to view Apache Struts version, loaded configuration or accessible action URLs for...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused b...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud
Summary There are multiple security vulnerabilities that affect IBM WebSphere Application Server in IBM Cloud. Vulnerability Details CVEID: CVE-2017-1743 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper handling of...