
2549 matches found

CVE
added 2018/03/27 9:0 p.m., 100 views

CVE-2018-1327

CVE-2018-1327 affects the Apache Struts REST Plugin via the XStream deserialization path, enabling a remote DoS when a malicious XML payload is processed. The advisory chain shows that upgrading to Struts 2.5.16 and switching to the optional Jackson XML handler (or implementing a custom XML handl...

7.5 CVSS, 7.4 AI score, 0.09224 EPSS
Exploits: 1, References: 7, Affected Software: 1
RedhatCVE
added 2018/03/27 12:49 p.m., 21 views

CVE-2018-1327

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...

7.5 CVSS, 1.6 AI score, 0.09224 EPSS
Exploits: 1, References: 2
seebug.org
added 2018/03/27 12:0 a.m., 75 views

Apache Struts2 S2-056(CVE-2018-1327)

Summary A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin | | | | :------------ | :------------ | | Who should read this | All Struts 2 developers and users which are using the REST plugin | | Impact of vulnerability | A DoS attack is possible when using...

7.7 AI score, 0.09224 EPSS
Exploits: 1
ThreatPost
added 2018/03/02 3:12 p.m., 77 views

Equifax Says 2.4 Million More People Impacted By Massive 2017 Breach

Equifax said that an additional 2.4 million Americans have had their personal data stolen as part of the company’s massive 2017 data breach, including their names and some of their driver’s license information. The additional identified victims bring the total of those implicated in what has beco...

10 CVSS, 0.2 AI score, 0.99999 EPSS
Exploits: 44, References: 11
Cvelist
added 2018/02/22 10:0 p.m., 12 views

CVE-2018-6488 MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution...

8.1 CVSS, 9.5 AI score, 0.01845 EPSS
Exploits: 0, References: 1
GithubExploit
added 2018/02/15 5:31 p.m., 4 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

CVE-2017-5638 | Struts s2-045 Description It is possible t...

10 CVSS, 9.5 AI score, 0.99999 EPSS
Exploits: 44
Tenable Nessus
added 2018/02/12 12:0 a.m., 35 views

Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)

Binary data oraclewebcenterportalcpujan2018.nbin...

8.2 CVSS, 7.2 AI score, 0.2593 EPSS
Exploits: 0, References: 4
Imperva Blog
added 2017/12/28 5:20 p.m., 1399 views

The State of Web Application Vulnerabilities in 2017

As a web application firewall provider, part of our job at Imperva is constantly monitoring new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrate...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 66
Imperva Blog
added 2017/12/18 5:43 p.m., 749 views

Imperva’s Top 10 Blogs of 2017

I recently took a step back to review all the content we shared in 2017 on the Imperva blog. We covered a broad range of topics including data security, cloud migration, application and API security, AI and machine learning, cybersecurity research, GDPR, insider threats and more. We were busy!...

10 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 85
Prion
added 2017/12/13 3:29 p.m., 11 views

Design/Logic Flaw

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

6.8 CVSS, 9.3 AI score, 0.01873 EPSS
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2017/12/13 3:29 p.m., 20 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

9.6 CVSS, 9.4 AI score, 0.01873 EPSS
Exploits: 1, References: 3
OSV
added 2017/12/13 3:29 p.m., 3 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

9.6 CVSS, 5.9 AI score, 0.01873 EPSS
Exploits: 1, References: 3
CVE
added 2017/12/13 3:0 p.m., 63 views

CVE-2017-14589

CVE-2017-14589: Atlassian Bamboo is affected by a remote code execution issue caused by double OGNL evaluation in FreeMarker templates via Struts FreeMarker tags. Affected versions are Bamboo < 6.1.6 and 6.2.0 ≤ Bamboo

9.6 CVSS, 9.3 AI score, 0.01873 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2017/12/13 3:0 p.m., 29 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

9.4 AI score, 0.01873 EPSS
Exploits: 1, References: 3
Broadcom
added 2017/12/09 12:0 a.m., 9 views

BSA-2018-588

Security Advisory ID : BSA-2018-588 Component : Apache Strusts2 Revision : 2.0: Final In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

6.2 CVSS, 7 AI score, 0.04889 EPSS
Exploits: 2
RedhatCVE
added 2017/12/06 1:53 p.m., 25 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

7.5 CVSS, 3.9 AI score, 0.04889 EPSS
Exploits: 2, References: 2
OpenVAS
added 2017/12/05 12:0 a.m., 296 views

Apache Struts Security Update (S2-054, S2-055)

Apache Struts is prone multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6 AI score
Exploits: 0, References: 6
OpenVAS
added 2017/12/05 12:0 a.m., 54 views

Apache Struts 'REST' Plugin Multiple Vulnerabilities (S2-054, S2-055) - Linux

Apache Struts is prone multiple vulnerabilities. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.8 CVSS, 8.6 AI score, 0.37925 EPSS
Exploits: 9, References: 4
GithubExploit
added 2017/12/04 6:23 p.m., 7 views

Exploit for Deserialization of Untrusted Data in Apache Struts

CVE-2017-9805.py 1. Better Exploit Code For CVE 2017 9805 apac...

8.1 CVSS, 7.7 AI score, 0.99461 EPSS
Exploits: 23
CISA
added 2017/12/04 12:0 a.m., 10 views

Apache Software Foundation Releases Security Updates

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apache Securit...

7.1 AI score
Exploits: 0, References: 2