2549 matches found

CVE
added 2013/07/16 6:0 p.m. | 99 views

CVE-2013-2135

CVE-2013-2135 affects Apache Struts 2 prior to 2.3.14.3, allowing remote execution via OGNL when a crafted value contains both "${}" and "%{}" sequences that cause double evaluation. The issue is documented in multiple sources (S2-015) and is tied to how includeParams is handled in certain reques...

9.3 CVSS | 8.1 AI score | 0.13828 EPSS
In wild | Exploits 0 | References 5 | Affected Software 1
CVE
added 2013/07/16 6:0 p.m. | 236 views

CVE-2013-2134

CVE-2013-2134: Apache Struts 2 before 2.3.14.3 allows remote OGNL code execution through a crafted action name during wildcard matching. IBM and other bulletins link this family of Struts vulnerabilities to exposed management interfaces and unauthorized access risks, with remediation typically de...

9.3 CVSS | 8.1 AI score | 0.70211 EPSS
In wild | Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2013/07/16 6:0 p.m. | 24 views

CVE-2013-2135

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

8.1 AI score | 0.13828 EPSS
Exploits 0 | References 5
Cvelist
added 2013/07/16 6:0 p.m. | 27 views

CVE-2013-2134

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

8.6 AI score | 0.70211 EPSS
Exploits 1 | References 7
exploitpack
added 2013/07/16 12:0 a.m. | 12 views

Apache Struts 2.2.3 - Multiple Open Redirections

Apache Struts 2.2.3 - Multiple Open Redirections source: https://www.securityfocus.com/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a...

0.1 AI score
Exploits 0
Exploit DB
added 2013/07/16 12:0 a.m. | 37 views

Apache Struts 2.2.3 - Multiple Open Redirections

source: https://www.securityfocus.com/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. Wh...

7.4 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m. | 76 views

[ANN] Struts 2.3.14.1 GA (fast track | security)

The Apache Struts group is pleased to announce that Struts 2.3.14.1 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed...

1.8 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m. | 69 views

[ANN] Struts 2.3.14.3 GA (fast-track) release available

The Apache Struts group is pleased to announce that Struts 2.3.14.3 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed...

0.1 AI score
Exploits 0
NVD
added 2013/07/10 7:55 p.m. | 26 views

CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3 CVSS | 8.2 AI score | 0.72778 EPSS
Exploits 9 | References 4
NVD
added 2013/07/10 7:55 p.m. | 21 views

CVE-2013-1965

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3 CVSS | 8.6 AI score | 0.93813 EPSS
Exploits 1 | References 3
NVD
added 2013/07/10 7:55 p.m. | 26 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

9.3 CVSS | 8.1 AI score | 0.71767 EPSS
Exploits 6 | References 4
Prion
added 2013/07/10 7:55 p.m. | 25 views

Design/Logic Flaw

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3 CVSS | 7.8 AI score | 0.93813 EPSS
Exploits 1 | References 3 | Affected Software 2
Prion
added 2013/07/10 7:55 p.m. | 28 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

9.3 CVSS | 8.1 AI score | 0.71767 EPSS
Exploits 6 | References 4 | Affected Software 1
UbuntuCve
added 2013/07/10 7:55 p.m. | 35 views

CVE-2013-1965

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3 CVSS | 7.5 AI score | 0.93813 EPSS
Exploits 1 | References 3
UbuntuCve
added 2013/07/10 7:55 p.m. | 36 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

9.3 CVSS | 7.3 AI score | 0.71767 EPSS
Exploits 6 | References 4
Prion
added 2013/07/10 7:55 p.m. | 33 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3 CVSS | 7.5 AI score | 0.72778 EPSS
Exploits 11 | References 4 | Affected Software 1
CVE
added 2013/07/10 7:0 p.m. | 140 views

CVE-2013-1965

CVE-2013-1965 affects Apache Struts 2, specifically the Struts Showcase App 2.0.0 through 2.3.13 (Struts 2 before 2.3.14.3). The vulnerability allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is mishandled during a redirect, enabling remote code execution o...

9.3 CVSS | 8 AI score | 0.93813 EPSS
Exploits 1 | References 3 | Affected Software 2
Cvelist
added 2013/07/10 7:0 p.m. | 30 views

CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

8.2 AI score | 0.72778 EPSS
Exploits 9 | References 4
Cvelist
added 2013/07/10 7:0 p.m. | 27 views

CVE-2013-1965

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

8.1 AI score | 0.93813 EPSS
Exploits 1 | References 3
Cvelist
added 2013/07/10 7:0 p.m. | 25 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

8.1 AI score | 0.71767 EPSS
Exploits 6 | References 4