2549 matches found
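Apache Struts Session Tampering Security Bypass Vulnerability
Bugtraq ID: 50940 Apache Struts is an open-source framework for building Java web applications. Apache Struts has a security vulnerability that allows malicious users to bypass certain security restrictions. The org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces do not properly block access to the session map, which can be exploited to change the session map by sending specially crafted requests to applications that use the combined auto-binding interfaces. Apache Software Foundation Struts 2.1.8.1 Apache Software...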
Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass
source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access. Apache Struts versions 2.0.9 and 2.1.8.1 are...
Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass
Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized...
Apache Struts < 2.2.0 Remote Command Execution
No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
Apache Struts < 2.2.0 Remote Command Execution
Exploit for multiple platform in category remote exploits $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information ...
Apache Struts < 2.2.0 - Remote Command Execution (Metasploit)
$Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Apache Struts < 2.2.0 Remote Command Execution
$Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Apache Struts Security Update (S2-006) - Active Check
Apache Struts is prone to multiple vulnerabilities. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Apache Struts2 'XWork' Information Disclosure Vulnerability
This host is running Apache Struts and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsxworkinfodiscvuln.nasl 5497 2017-03-06 10:23:23Z teissa $ Apache Struts2 'XWork' Information Disclosure Vulnerability Authors: Antu Sanadi Copyright: Copyright c...
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure
Security Advisory: MVSA-11-007 http://www.ventuneac.net/security-advisories/MVSA-11-007 CVE: CVE-2011-2088 Vendors: Apache Software Foundation, OpenSymphony Products: Struts 2, XWork, WebWork Vulnerabilities: Java Class Path Information Disclosure Risk: Medium Attack Vector: From Remote...
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...
Security feature bypass
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...
CVE-2011-2088
CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...
CVE-2011-2087
CVE-2011-2087 affects the javatemplates (Java Templates) plugin in Apache Struts 2.x prior to 2.2.3. The issue is multiple XSS vulnerabilities in eight component handlers (FileHandler.java, HiddenHandler.java, PasswordHandler.java, RadioHandler.java, ResetHandler.java, SelectHandler.java, SubmitH...
CVE-2011-1772
CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...