Seasar S2Struts vulnerable to input validation bypass

Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for developing Java web applications. Seasar S2Struts is vulnerable to an issue contained in the Apache Struts 1 Validator, because S2Struts 1.2.x uses Apache Struts 1.2.x, and S2Struts 1.3.x uses Apache Struts...

JVN#91383083: Seasar S2Struts vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

SOL16334 - Apache Struts vulnerability CVE-2013-4316

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB is vulnerable to an issue contained in the Apache Struts 1 Validator, since it uses Apache Struts 1.2.9. The...

JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)

This plugin has been deprecated and replaced by struts23161.nasl plugin ID 117393. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 9/12/2018. Use struts23161.nasl instead include'compat.inc'; if description scriptid81105; scriptversion"1.8";...

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...

[ANN] Apache Struts 2.3.20 GA release available with security fix

The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

Cross site request forgery (csrf)

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVE-2014-7809

CVE-2014-7809 affects Apache Struts 2.0.0–2.3.x with predictable values, enabling remote CSRF bypass. Connected IBM advisories confirm impact on IBM FlashSystem 840/V840-AC0/AC1 nodes and IBM SAN Storwize, IBM Sterling Order Management, Call Center, and related products where Struts is used as p...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the...

用友软件存在两处命令执行漏洞可影响内网安全

简要描述： 刚进公司几天，无意看网站发现两处小漏洞，不知道报那里，就丢乌云吧 详细说明： 翻网站的时候无意发现两处Struts 1.http://comp.yonyou.com/hr/sm/Smindex.action 2.http://comp.yonyou.com/base/par/Parindex.action 貌似是没上线的平台，但是看一下信息就知道危害了 首先，先看看服务器信息 WIN2008服务器 再看看端口 3389是直接开放的 再看看IP吧 内网，再加上3389端口是默认开放的，如果，进行端口转发，提权，那么。。。 最后看看盘符信息吧 基本全遍历。 漏洞证明：...

IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to...

RHEL 6 : struts (RHSA-2014:0500)

Updated struts packages that fix one security issue are now available for Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU)

The remote Oracle Adaptive Access Manager installation is missing a vendor supplied update that fixes a flaw in Apache Struts which allows remote attackers to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...