Apache Struts 2.x < 2.3.18 Multiple Critical Vulnerabilities (S2-008)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.18. It, therefore, is affected by multiple critical vulnerabilities: - A remote code execution vulnerability exists in ExceptionDelegator due to improper validation of user-supplied input. An unauthenticated, remote...
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets – now targeting well-known vulnerabilities in Apache Struts and SonicWall. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a...
Apache Struts 2.x < 2.3.14.3 RCE (S2-015)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Apache Struts 2.0.x < 2.2.1 Security Bypass Vulnerability (S2-003)
The version of Apache Struts running on the remote host is 2.0.x prior to 2.2.1. It is, therefore, affected by a security bypass vulnerability in ParameterInterceptor due to improper validation of user-supplied input data. A remote, unauthenticated attacker can exploit this to manipulate server...
Apache Struts 2.x < 2.2.3 Multiple XSS (S2-006)
The version of Apache Struts running on the remote host is 2.x prior to 2.2.3. It, therefore, is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of action names. Note that Nessus has not tested for these issues but has instead relied only on the...
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Apache Struts 2.x < 2.2.1 OGNL RCE (S2-005)
The version of Apache Struts running on the remote host is 2.x prior to 2.2.1. It, therefore, is affected by a possible remote code execution vulnerability when OGNL expressions are evaluated due to improper validation by the ParametersInterceptor class. Note that Nessus has not tested for these...
Apache Struts 2.x < 2.2.3.1 RCE (S2-007)
The version of Apache Struts running on the remote host is 2.x prior to 2.2.3.1. It, therefore, is affected by a possible remote code execution vulnerability when user-supplied input is evaluated as an OGNL expression when there is a conversion error. Note that Nessus has not tested for these...
Apache Struts 2.x < 2.3.14.2 Multiple Vulnerabilities (S2-014)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.2. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and a cross-site scripting (XSS) vulnerability. Note that Nessus has not tested for these issues but has instea...
Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.16.2. It, therefore, is affected by multiple vulnerabilities: - A denial of service vulnerability exists in MultipartStream.java in Apache Commons FileUpload due to failure to handle exceptional conditions. A remote,...
Apache Struts 2.0.x < 2.2.1 <s:url> and <s:a> Tag XSS (S2-002)
The version of Apache Struts running on the remote host is 2.0.x prior to 2.2.1. It is, therefore, affected by a possible cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input to <s:url> and <s:a> tags. An unauthenticated, remote attacker can exploit this by convincing a use...
Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.3. It, therefore, is affected by a broken access control vulnerability which can be used to bypass security constraints. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Apache Struts 2.0.x < 2.0.9 RCE (S2-001)
The version of Apache Struts running on the remote host is 2.0.x prior to 2.0.9. It, therefore, is affected by a possible remote code execution vulnerability when OGNL expressions are evaluated in a form field. Note that Nessus has not tested for these issues but has instead relied only on the...
Apache Struts 2 Namespace Redirect OGNL Injection Exploit
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in th...
The vulnerability of the Apache Struts software framework allows a hacker to execute arbitrary code.
The vulnerability of the Apache Struts software framework is related to errors in processing data entered by users. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Apache Struts 2 Namespace Redirect OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Cisco Issues Security Patch Updates for 32 Flaws in its Products
Cisco today released thirty security patch advisories to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild. Out of the rest 29...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
Apache Struts undefined namespace vulnerability
Added: 09/05/2018. BID: 105125. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A remote attacker can execute...