
2549 matches found

IBM Security Bulletins
added 2019/01/24 12:40 p.m., 41 views

Security Bulletin: Intelligent Clusters Security Bulletin, 1410

Summary Security Bulletin: Intelligent Clusters Security Bulletin, 1410 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability Details --- CVEID: CVE-2013-4310 CVE-2013-4316 DESCRIPTION...

10 CVSS, 0.9 AI score, 0.08623 EPSS
Exploits: 2
IBM Security Bulletins
added 2019/01/02 3:0 p.m., 16 views

Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this...

7.5 CVSS, 1.2 AI score, 0.21425 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/12/19 8:15 p.m., 27 views

Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts Vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVE-ID: CVE-2015-0899 Description: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit thi...

7.5 CVSS, 1 AI score, 0.21425 EPSS
Exploits: 0, Affected Software: 1
VulnCheck KEV
added 2018/12/18 12:0 a.m., 4 views

VulnCheck KEV: CVE-2018-11776

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and, at the same time, its upper package configuration has no or...

9.3 CVSS, 7.9 AI score, 0.99993 EPSS
Exploits: 41, References: 1
Tenable Nessus
added 2018/12/17 12:0 a.m., 82 views

Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution

The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. When Dynamic Method Invocation is enabled, it is possible to pass a malicious expression to the 'method:' prefix. A remote, unauthenticated attacker c...

9.3 CVSS, 8.1 AI score, 0.9416 EPSS
Exploits: 12, References: 2
IBM Security Bulletins
added 2018/12/13 8:35 p.m., 25 views

Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182)

Summary Struts v2 vulnerabilities affect IBM Security Guardium. IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to...

8.2 CVSS, 1.8 AI score, 0.2593 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/12/13 8:25 p.m., 44 views

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (Apache Struts) vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An...

7.8 CVSS, 1 AI score, 0.95821 EPSS
Exploits: 4, Affected Software: 1
IBM Security Bulletins
added 2018/11/28 11:50 a.m., 37 views

Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Tivoli Integrated Portal

Summary Vulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute...

8.2 CVSS, 0.7 AI score, 0.95821 EPSS
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2018/11/28 11:45 a.m., 20 views

Security Bulletin: Potential vulnerability in WebSphere Application Server shipped with Tivoli Integrated Portal (CVE-2015-0899)

Summary There is a potential vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit...

7.5 CVSS, 1.4 AI score, 0.21425 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/11/28 11:35 a.m., 30 views

Security Bulletin: Potential vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2015-0899)

Summary There is a potential vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit...

7.5 CVSS, 1.6 AI score, 0.21425 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/11/28 11:0 a.m., 23 views

Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Jazz for Service Management

Summary Vulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute...

8.2 CVSS, 0.9 AI score, 0.95821 EPSS
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2018/11/14 1:0 p.m., 51 views

Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q2 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM®...

9.8 CVSS, 0.8 AI score, 0.78675 EPSS
Exploits: 11, Affected Software: 1
Veracode
added 2018/11/14 2:46 a.m., 24 views

Validation Bypass

Apache Struts is vulnerable to validation bypass. Applications that do not use isCancelled check do not detect a cancelled action which allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter...

7.5 CVSS, 9.1 AI score, 0.05819 EPSS
Exploits: 0, References: 14, Affected Software: 1
Veracode
added 2018/11/14 2:37 a.m., 29 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting. A lack of validation in the parameter name allows a remote attacker to inject arbitrary JavaScript through an error message. The vulnerability affects LookupDispatchAction, DispatchAction and ActionDispatcher...

4.3 CVSS, 8.7 AI score, 0.05047 EPSS
Exploits: 0, References: 11, Affected Software: 1
Veracode
added 2018/11/14 2:32 a.m., 27 views

Denial Of Service (DoS)

Apache Struts is vulnerable to denial of service. A remote attacker is able to cause a denial of service condition using a multipart/form-data encoded form with a parameter name that references the getMultipartRequestHandler function which provides access to elements in...

7.5 CVSS, 8.7 AI score, 0.54635 EPSS
Exploits: 1, References: 11, Affected Software: 1
Veracode
added 2018/11/14 12:27 a.m., 26 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting. Lack of input validation and sanitization on the query string allows a remote attacker to inject arbitrary JavaScript into a victim's browser when the request handler generates an error message...

4.3 CVSS, 8.8 AI score, 0.25707 EPSS
Exploits: 1, References: 16, Affected Software: 1
IBM Security Bulletins
added 2018/11/12 12:55 p.m., 114 views

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

Summary Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...

9.3 CVSS, 0.5 AI score, 0.99993 EPSS
Exploits: 41, Affected Software: 1
OpenVAS
added 2018/11/08 12:0 a.m., 170 views

Apache Struts 2.x <= 2.3.36 commons-fileupload RCE Vulnerability

Apache Struts is prone to a remote code execution (RCE) in a shipped library. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

9.8 CVSS, 9.6 AI score, 0.34731 EPSS
Exploits: 0, References: 1
Cisco
added 2018/11/07 12:0 a.m., 601 views

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution...

9.8 CVSS, 9 AI score, 0.34731 EPSS
Exploits: 0, References: 1
Check Point Advisories
added 2018/11/07 12:0 a.m., 6 views

Apache Struts Remote Code Execution (CVE-2016-1000031)

An insecure deserialization vulnerability has been reported in Apache Struts. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library. A remote, unauthenticated attacker can exploit this vulnerability by sending a...

7.5 CVSS, 6.2 AI score, 0.34731 EPSS
Exploits: 0