2549 matches found
Apache Struts DefaultActionMapper redirect Prefix Vulnerability
Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...
Apache Struts DefaultActionMapper redirect Prefix Vulnerability
Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...
Apache Struts DefaultActionMapper redirect Prefix Vulnerability
Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...
Apache Struts DefaultActionMapper redirect Prefix Vulnerability
Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...
Apache Struts 2 vulnerability in-depth analysis-vulnerability warning-the black bar safety net
With the Apple developer site of the fall, has been exposed a week of Apache Struts2 vulnerabilities once again become a hot topic, today there is news that due to the vulnerability being exploited, Taobao's database has been stolen, although Taobao official denied this, but from the dark clouds...
VMware vCenter Operations Manager Arbitrary File Upload (VMSA-2012-0013)
The version of vCenter Operations Manager installed on the remote host is earlier than 5.0.3. It is, therefore, potentially affected by an arbitrary file upload vulnerability in the Apache Struts component. By exploiting this flaw, a remote, unauthenticated attacker could overwrite arbitrary file...
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Struts 2...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Struts 2...
Apache Struts Remote Command Execution (CVE-2013-2251)
A Remote command execution vulnerability has been reported in Apache Struts. The vulnerability is due to a design flaw which allows attackers to manipulate parameters prefixed with action: redirect: redirectAction:...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...
Apache Struts Security Update (S2-016, S2-017) - Active Check
Apache Struts is prone to multiple vulnerabilities. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Apache Struts Security Update (S2-013, S2-014) - Active Check
Apache Struts is prone to multiple vulnerabilities. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Disaster date: the Internet in China was tragically Struts2 high-risk vulnerabilities-torn-vulnerability warning-the black bar safety net
Struts is the Apache Foundation's Jakarta project team an open source project, Struts by using Java Servlet/JSP technology, the Java EE-based Web applications Model-View-Controller(MVC design pattern application framework, MVC is a classic design pattern in a classic product. Currently, the Strut...
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix...
CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the 1 redirect: or 2 redirectAction: prefix...
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix...
Code injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix...
Immunity Canvas: STRUTS2_DEFAULT_ACTION_MAPPER
Name| struts2defaultactionmapper ---|--- CVE| CVE-2013-2251 Exploit Pack| CANVAS Description| Apache Struts 2.0.0 - 2.3.15 RCE Notes| References: https://cwiki.apache.org/confluence/display/WW/S2-016 Repeatability: Infinite VENDOR: Apache CVE Url: https://vulners.com/cve/CVE-2013-2251 CVE Name:...
Open redirect
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the 1 redirect: or 2 redirectAction: prefix...