
2549 matches found

Check Point Advisories
added 2014/04/25 12:0 a.m., 17 views

Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)

A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by ParametersInterceptor allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a class parameter in a request...

7.5 CVSS, 3.8 AI score, 0.99614 EPSS
Exploits: 8
ThreatPost
added 2014/04/24 3:48 p.m., 8 views

Apache Struts Zero Day Vulnerability Patch to be Re-Issued

The Apache Software Foundation today released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen...

1.3 AI score
Exploits: 0, References: 3
seebug.org
added 2014/04/24 12:0 a.m., 12 views

Struts 2.3.16.1 Code Execution Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
Zero Day Initiative
added 2014/04/17 12:0 a.m., 26 views

CA ERwin Web Portal MIMM downloadScriptFile.do Information Disclosure Vulnerability

This vulnerability allows remote attackers to read nearly any system file, including database credentials, on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific fl...

7.1 CVSS, 7 AI score, 0.05246 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2014/03/26 12:0 a.m., 945 views

Apache Struts 2 'class' Parameter ClassLoader Manipulation

The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. The version of Struts 2 in use is affected by a security bypass vulnerability due to the application allowing manipulation of the ClassLoader via the...

5 CVSS, 8.1 AI score, 0.99614 EPSS
Exploits: 7, References: 3
NVD
added 2014/03/11 1:0 p.m., 27 views

CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5 CVSS, 8.4 AI score, 0.99614 EPSS
Exploits: 7, References: 15
Prion
added 2014/03/11 1:0 p.m., 39 views

Security feature bypass

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5 CVSS, 6.6 AI score, 0.99614 EPSS
Exploits: 7, References: 15, Affected Software: 1
UbuntuCve
added 2014/03/11 1:0 p.m., 69 views

CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5 CVSS, 7.2 AI score, 0.99614 EPSS
Exploits: 7, References: 2
Cvelist
added 2014/03/10 2:0 p.m., 40 views

CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

8.4 AI score, 0.99614 EPSS
Exploits: 7, References: 15
CVE
added 2014/03/10 2:0 p.m., 153 views

CVE-2014-0094

CVE-2014-0094 affects Apache Struts where the ParametersInterceptor before 2.3.16.2 allows a crafted request to pass a class parameter to getClass(), enabling ClassLoader manipulation and remote code execution in vulnerable deployments. Public references note exploitation in versions prior to 2.3...

5 CVSS, 9.1 AI score, 0.99614 EPSS
Exploits: 7, References: 15, Affected Software: 1
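seebug.org
added 2014/03/10 12:0 a.m., 138 views

Apache Struts ClassLoader Manipulation Vulnerability

CVE ID: CVE-2014-0094 Struts2 is a second-generation Java enterprise web application framework based on the Model-View-Controller (MVC) model. The application allows access to the "class" parameter, which maps directly to the "getClass()" method; this can be exploited to manipulate the ClassLoader of the application server in use. 0 Apache Struts 2.x Vendor patch: Apache ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://struts.apache.org/release/2.3.x/docs/s2-020.html...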

5 CVSS, 0.5 AI score, 0.99614 EPSS
Exploits: 7
Exploit DB
added 2014/03/06 12:0 a.m., 60 views

Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command executi...

7.4 AI score
Exploits: 0
Check Point Advisories
added 2014/02/17 12:0 a.m., 6 views

Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)

A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...

1.8 AI score, 0.74405 EPSS
Exploits: 9
Japan Vulnerability Notes
added 2014/02/10 12:0 a.m., 50 views

JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...

7.5 CVSS, 7.2 AI score, 0.83175 EPSS
Exploits: 8
Exploit DB
added 2014/02/05 12:0 a.m., 127 views

Apache Struts - Developer Mode OGNL Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

6.8 CVSS, 7 AI score, 0.74405 EPSS
Exploits: 9
0day.today
added 2014/02/04 12:0 a.m., 90 views

Apache Struts Developer Mode OGNL Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...

6.8 CVSS, 9.4 AI score, 0.74405 EPSS
Exploits: 9
Packet Storm
added 2014/02/01 12:0 a.m., 34 views

Apache Struts Developer Mode OGNL Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

6.8 CVSS, 0.3 AI score, 0.74405 EPSS
Exploits: 9
Metasploit
added 2014/01/26 12:17 a.m., 29 views

Apache Struts 2 Developer Mode OGNL Execution

This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This...

6.8 CVSS, 7.8 AI score, 0.74405 EPSS
Exploits: 9
F5 Networks
added 2014/01/20 12:0 a.m., 445 views

SOL14933 - Apache Struts vulnerability CVE-2013-2251

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL15260: Apache Struts vulnerability...

9.8 CVSS, 3.4 AI score, 0.99998 EPSS
Exploits: 25, References: 6
securityvulns
added 2013/12/09 12:0 a.m., 54 views

[ANN] Struts 2.3.15.3 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.15.3 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

0.2 AI score
Exploits: 0