Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. The vulnerability is due to insufficient sanitization on user-supplied...

Cisco Addresses Apache Struts 2 Vulnerability

Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected by this vulnerability include: Cisc...

Apache Struts includeParams Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Apache Struts Developer Mode OGNL Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

Struts <= 2.0.11 Multiple Directory Traversal Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/32104/info Struts is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings...

XWork 2.0.x 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32101/info XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the...

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

Apache Struts <= 2.2.1.1 - Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15512/info Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the...

Apache Struts < 2.2.0 - Remote Command Execution

No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Apache Struts ParametersInterceptor Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities

No description provided by source. Title : Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://struts.apache.org/ Advisory : http://secpod.org/blog/?p=450...

Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20120104-0 ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable...

Apache Struts ClassLoader Manipulation Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...

VMware Patches Apache Struts Flaws in vCOPS

VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. All of the vulnerabilities that the company patched lie in the Apache Struts Java application framework, and the...

VMware product updates address security vulnerabilities in Apache Struts library

The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues.CVE-2014-0112 may lead to remote code execution. This...

VMSA-2014-0007:VMware product updates address security vulnerabilities in Apache Struts library

VMSA-2014-0007.2 VMware product updates address security vulnerabilities in Apache Struts library VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0007.2 VMware Security Advisory Synopsis: VMware product updates address security vulnerabilities in Apache Struts library...

SUSE-SU-2015:0886-1 Security update for struts

Apache Struts was updated to fix a security issue: CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to 'manipulate' the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. Security Issue reference:...

TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

Overview TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114...

JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114. Therefor...