
2549 matches found

RedHat Linux
added 2014/05/14 6:6 p.m., 64 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 security update

Fuse ESB Enterprise 7.1.0 R1 P4 Patch 4 on Rollup Patch 1, a security update that addresses one security issue, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CV...

CVSS 7.5, AI score 6.7, EPSS 0.95821
Exploits 4, References 3

OpenVAS
added 2014/05/14 12:0 a.m., 67 views

Apache Struts Security Update (S2-020) - Active Check

ClassLoader Manipulation allows remote attackers to execute arbitrary Java code. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

CVSS 5, AI score 8.6, EPSS 0.99614
Exploits 7, References 5

Atlassian
added 2014/05/12 5:43 a.m., 28 views

ClassLoader manipulation vulnerability

We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...

AI score 2.6
Exploits 0, Affected Software 1

Atlassian
added 2014/05/12 5:43 a.m., 20 views

ClassLoader manipulation vulnerability

We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...

AI score 2.6
Exploits 0

OpenVAS
added 2014/05/12 12:0 a.m., 40 views

RedHat Update for struts RHSA-2014:0474-01

Check for the Version of struts OpenVAS Vulnerability Test RedHat Update for struts RHSA-2014:0474-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 7.5, EPSS 0.95821
Exploits 4, References 2

OpenVAS
added 2014/05/12 12:0 a.m., 34 views

CentOS Update for struts CESA-2014:0474 centos5

Check for the Version of struts OpenVAS Vulnerability Test CentOS Update for struts CESA-2014:0474 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

CVSS 7.5, AI score 7.6, EPSS 0.95821
Exploits 4, References 2

OpenVAS
added 2014/05/12 12:0 a.m., 27 views

CentOS Update for struts CESA-2014:0474 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.9, EPSS 0.95821
Exploits 4, References 2

OpenVAS
added 2014/05/12 12:0 a.m., 269 views

RedHat Update for struts RHSA-2014:0474-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.7, EPSS 0.95821
Exploits 4, References 2

Tenable Nessus
added 2014/05/09 12:0 a.m., 20 views

Apache Struts Detection for Windows

Binary data strutsdetectwin.nbin...

AI score 7.3
Exploits 0, References 1

Tenable Nessus
added 2014/05/09 12:0 a.m., 54 views

Apache Struts 2 CookieInterceptor Unspecified Security Bypass (S2-022)

The remote web application appears to use Struts 2, a Java based web application framework. The version of Struts 2 in use is affected by a security bypass vulnerability due to a flaw with CookieInterceptor. A remote, unauthenticated attacker can exploit this issue to manipulate the ClassLoader a...

CVSS 5.8, AI score 7.7, EPSS 0.06745
Exploits 0, References 2

Tenable Nessus
added 2014/05/09 12:0 a.m., 42 views

Oracle Linux 5 : struts (ELSA-2014-0474)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0474 advisory. - CVE-2014-0114: Fixed ClassLoader manipulation vulnerability Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5, AI score 6.8, EPSS 0.95821
Exploits 4, References 2

Tenable Nessus
added 2014/05/09 12:0 a.m., 44 views

CentOS 5 : struts (CESA-2014:0474)

Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5, AI score 7.3, EPSS 0.95821
Exploits 4, References 2

NVD
added 2014/05/08 10:55 a.m., 26 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 9.3, EPSS 0.06745
Exploits 0, References 5

UbuntuCve
added 2014/05/08 10:55 a.m., 43 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 6.9, EPSS 0.06745
Exploits 0, References 3

Prion
added 2014/05/08 10:55 a.m., 26 views

Design/Logic Flaw

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

CVSS 5.8, AI score 6.7, EPSS 0.78306
Exploits 0, References 5, Affected Software 1

CVE
added 2014/05/08 10:0 a.m., 111 views

CVE-2014-0116

Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...

CVSS 5.8, AI score 6.1, EPSS 0.06745
Exploits 0, References 5, Affected Software 1

Cvelist
added 2014/05/08 10:0 a.m., 43 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

AI score 7.7, EPSS 0.06745
Exploits 0, References 5

myhack58
added 2014/05/08 12:0 a.m., 22 views

Struts2 then exposed S2-020 patch bypass vulnerability – evil regular expressions-vulnerability warning-the black bar safety net

4 on 2 to 4 November, the network exposed in the article “Security researchers noted that the Apache Struts2 vulnerability Bulletin S2-020, in process repair CVE-2014-0094 bug fixes program vulnerability exists, resulting patch is completely bypassed.” Affected products: Struts 2.0.0 –...

AI score 0.6
Exploits 0

Tenable Nessus
added 2014/05/08 12:0 a.m., 217 views

Apache Struts ClassLoader Manipulation

The remote web application appears to use Struts, a web application framework. The version of Struts in use contains a flaw that allows the manipulation of the ClassLoader via the 'class' parameter of an ActionForm object that results in a denial of service. Note that this vulnerability may be...

CVSS 7.5, AI score 6.9, EPSS 0.95821
Exploits 4, References 6

Tenable Nessus
added 2014/05/08 12:0 a.m., 252 views

Scientific Linux Security Update : struts on SL5.x i386/x86_64 (20140507)

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution...

CVSS 7.5, AI score 7.3, EPSS 0.95821
Exploits 4, References 2