2549 matches found
CVE-2015-1831
The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...
Default credentials
The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...
CVE-2015-1831
CVE-2015-1831 concerns Apache Struts 2.3.20, where misleading default excludeParams could let an attacker alter an application’s internal state. IBM advisories list affected IBM storage platforms (FlashSystem 900/V840/V9000 and Storwize families) with fixes in specific code levels (e.g., FlashS...
SOL16827 - Apache Struts vulnerability CVE-2015-1831
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities
The remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can explo...
Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)
A code execution vulnerability exists in Apache Struts Object-Graph Navigation Language (OGNL) expressions. The vulnerability is due to the failure of DefaultActionMapper to sanitize input following "action:", "redirect:" or "redirectAction:" expressions leading to code injection. A remote attacker...
Apache Struts Security Restriction Bypass Vulnerability
Apache Struts is an open source architecture for building Java web applications. An input validation bypass vulnerability exists in the MultiPageValidator function in Apache Struts versions prior to 1.2.9 SP2. An attacker can exploit this vulnerability to bypass security restrictions and perform...
Apache Struts 2.3.20 Incorrect Default Exclude Pattern (S2-024)
The remote web server is using Apache Struts version 2.3.20. It is, therefore, affected by an issue where the default exclude patterns are incorrect when using default settings. This allows a remote attacker to impact the internal application's state. Note that Nessus has not tested for this issu...
Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)
The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...
Apache Struts Exclude mode Vulnerability (CVE-2015-1831) - vulnerability warning - the black bar safety net
Affected system: The Apache Group Struts 2.3.20 Not affected system: The Apache Group Struts 2.3.20.1 Description: CVE(CAN) ID: CVE-2015-1831 Struts is open source software for building Web applications. Struts 2.3.20 uses the wrong default exclude mode. If the default setting is enabled, the err...
Apache Struts Incorrect Default Exclude Pattern Vulnerability
Apache Struts is an open source architecture for building Java web applications. The Apache Struts program fails to properly default exclude patterns when using the default settings, allowing remote attackers to exploit the vulnerability against the internal application state...
MySQL Enterprise Monitor 3.0.x < 3.0.19 Apache Struts Predictable Token XSRF
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...
MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...
MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities in the bundled version of Apache Struts : - Input validation errors exist that allow the execution of arbitrary Object-Graph Navigation Language (OGNL)...
MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...
MySQL Enterprise Monitor 3.0.x < 3.0.5 Apache Struts DMI Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple unspecified vulnerabilities related to dynamic method invocation (DMI) in the bundled version of Apache Struts.
MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...
The vulnerability of the Apache Struts software platform, related to the use of predictable values of <s:token/>, allows a remote attacker to perform a CSRF attack.
The vulnerability of the Apache Struts software platform is related to the use of predictable values for the <s:token/> tag. Exploiting this vulnerability could allow a remote attacker to execute a CSRF attack...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libstruts1.2-java package of the Debian GNU/Linux operating system can be exploited, which may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...