Apache Struts Warns Users of Two-Year-Old Vulnerability
The Apache Software Foundation warned in an advisory that the Commons FileUpload library bundled with Struts 2.3.x is susceptible to a two-year-old remote code execution flaw (CVE-2016-1000031). Because the library ships inside the Struts distribution rather than as a separately tracked dependency, users of the vulnerable library must update their projects manually. The critical bug in the Commons FileUpload library is a know...
Apache Releases Security Advisory for Apache Struts
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...
Apache Struts 2.3.x < 2.3.33 Denial of Service (S2-049)
The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.33. It is, therefore, affected by the following vulnerability: - A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a...
Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability
The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability: - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. CVE-2016-1000031 Note that Nessus has not teste...
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
Summary: Multiple security vulnerabilities affect Rational Rhapsody Design Manager (Rhapsody DM). Vulnerability Details: CVEID: CVE-2016-8739. DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by an XML External Entity (XXE) vulnerability in the JAX-RS implementation...
Apache Struts 2 Freemarker Tag Handling RCE
Remote command execution vulnerability in Apache Struts 2 FreeMarker tag handling. Vulnerability Type: Remote Command Execution. For the exploit source code, contact the DSquare Security sales team...
Apache Struts 2 Multiple Tags Result Namespace Handling RCE
Remote command execution vulnerability in Apache Struts 2 multiple tags result namespace handling. Vulnerability Type: Remote Command Execution. For the exploit source code, contact the DSquare Security sales team...
GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a remote code execution flaw when using results with no namespace while its upper actions have no namespace or a wildcard namespace. The same flaw exists when using a url tag with no value and action set while its upper actions have no namespace or a wildcard namespace...
com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=2.5.1) +34 more potentially affected by CVE-2017-5638 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10)
org.apache.struts:struts2-core MAVEN version =2.5.1, =2.5.10 and more. Source cves: CVE-2017-5638. Source advisory: OSV:GHSA-J77Q-2QQG-6989...
GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)
Summary: IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details: CVEID: CVE-2018-11776. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error...
org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.33), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.33) +5 more potentially affected by CVE-2017-9805 via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.33)
org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1. Source cves: CVE-2017-9805. Source advisory: OSV:GHSA-GG9M-FJ3V-R58C...
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...
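The entries above describe three of these issues purely in terms of affected Struts version ranges (the FileUpload deserialization bug in 2.3.36 and prior, the Jakarta Multipart bug prior to 2.3.32 and 2.5.10.1, and the REST plugin XStream bug in 2.1.1 through 2.3.33 and 2.5.x before 2.5.13). The following Python script is an added example, not code from any of the listed advisories or from the Struts project: it parses a Maven pom.xml, resolves `${property}` version references, and reports every struts2-core or struts2-rest-plugin dependency that falls inside one of those ranges exactly as the advisories state them. CVE-2018-11776 is omitted because the page gives no version range for it. The sample pom is constructed for the example; the lower bound of each range is taken as the start of the branch the advisory names, and the commons-fileupload fix version 1.3.3 used to mark a finding as overridden is not stated on this page.

```python
"""Check a Maven pom.xml against the Struts 2 version ranges quoted in the advisories above."""
import re
import xml.etree.ElementTree as ET

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}
STRUTS_CORE = "org.apache.struts:struts2-core"
STRUTS_REST = "org.apache.struts:struts2-rest-plugin"
FILEUPLOAD = "commons-fileupload:commons-fileupload"
FILEUPLOAD_FIXED = "1.3.3"  # first commons-fileupload release fixing CVE-2016-1000031 (assumption, not on this page)

# (CVE, coordinate, first affected, bound, bound inclusive?) -- wording follows the advisories:
# "2.3.36 and prior" is inclusive, "prior to 2.3.32" / "before 2.5.13" is exclusive.
AFFECTED = [
    ("CVE-2016-1000031", STRUTS_CORE, "2.3", "2.3.36", True),
    ("CVE-2016-1000031", STRUTS_CORE, "2.5", "2.5.12", False),   # "from 2.5.12 not affected"
    ("CVE-2017-5638", STRUTS_CORE, "2.3", "2.3.32", False),
    ("CVE-2017-5638", STRUTS_CORE, "2.5", "2.5.10.1", False),
    ("CVE-2017-9805", STRUTS_REST, "2.1.1", "2.3.34", False),
    ("CVE-2017-9805", STRUTS_REST, "2.5", "2.5.13", False),
]

# Constructed sample: struts2-core pinned through a property, rest plugin already at the fixed
# release, and an explicit commons-fileupload override (the manual update the advisory asks for).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>app</artifactId><version>1.0</version>
  <properties><struts2.version>2.3.36</struts2.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId>
      <version>${struts2.version}</version></dependency>
    <dependency><groupId>org.apache.struts</groupId><artifactId>struts2-rest-plugin</artifactId>
      <version>2.5.13</version></dependency>
    <dependency><groupId>commons-fileupload</groupId><artifactId>commons-fileupload</artifactId>
      <version>1.3.3</version></dependency>
  </dependencies>
</project>"""


def parse_version(v):
    """'2.5.10.1' -> (2, 5, 10, 1). Qualifiers after '-' (RC, SNAPSHOT) are dropped."""
    return tuple(int(x) for x in re.findall(r"\d+", v.split("-")[0]))


def version_ge(a, b):
    """a >= b, comparing numeric components padded with zeros so 2.5.10 < 2.5.10.1."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) >= pb + (0,) * (n - len(pb))


def version_in_range(v, lo, hi, hi_inclusive):
    """True when lo <= v < hi, or lo <= v <= hi if hi_inclusive."""
    if not version_ge(v, lo):
        return False
    return version_ge(hi, v) if hi_inclusive else not version_ge(v, hi)


def pom_dependencies(pom_xml):
    """Return [(groupId:artifactId, version)] with ${property} references resolved."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.rsplit("}", 1)[-1]: (p.text or "") for p in root.findall("m:properties/*", POM_NS)}
    props.setdefault("project.version", root.findtext("m:version", default="", namespaces=POM_NS))
    deps = []
    for dep in root.findall("m:dependencies/m:dependency", POM_NS):
        coord = "%s:%s" % (dep.findtext("m:groupId", namespaces=POM_NS),
                           dep.findtext("m:artifactId", namespaces=POM_NS))
        version = dep.findtext("m:version", default="", namespaces=POM_NS)
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), version)
        deps.append((coord, version))
    return deps


def scan_pom(pom_xml):
    """Return [(coordinate, version, CVE, overridden)] for each dependency inside a listed range.

    overridden is True only for CVE-2016-1000031 when the pom also declares commons-fileupload
    at FILEUPLOAD_FIXED or later: a direct declaration wins over the version Struts pulls in.
    """
    deps = pom_dependencies(pom_xml)
    fileupload_fixed = any(coord == FILEUPLOAD and parse_version(v) and version_ge(v, FILEUPLOAD_FIXED)
                           for coord, v in deps)
    findings = []
    for coord, version in deps:
        if not parse_version(version):
            continue  # unresolved or BOM-managed version: check dependencyManagement by hand
        for cve, artifact, lo, hi, inclusive in AFFECTED:
            if coord == artifact and version_in_range(version, lo, hi, inclusive):
                overridden = cve == "CVE-2016-1000031" and fileupload_fixed
                findings.append((coord, version, cve, overridden))
    return findings


if __name__ == "__main__":
    for coord, version, cve, overridden in scan_pom(SAMPLE_POM):
        print("%s %s is in the affected range for %s%s" % (
            coord, version, cve, " (commons-fileupload override present)" if overridden else ""))
```

The overridden flag exists because of the caveat in the first advisory above: Struts 2.3.36 bundles the vulnerable FileUpload release, so a scanner that looks only at the struts2-core version keeps flagging a project that has already pinned the fixed commons-fileupload directly. Versions left to a BOM or dependencyManagement section are skipped rather than guessed, which is the other common way such a check produces a false negative.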