SUSE CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677 Exploitation Apache Struts RCE via File U...
PT-2025-6147 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts (affected versions not specified). Description: The issue concerns a Cross-Site Request Forgery in Apache Struts. No further details are provided about the nature of the issue, affected devices, or real-world incidents...
PT-2025-6479 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2024-8545 - CVE-2021-35127: Apache Struts Command Injection Vulnerability", "Content": "CVE ID : CVE-2024-8545 Published : Feb. 11, 2025, 2:15 a.m. | 1 hour, 38 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE...
CISCO-SA-20170907-STRUTS2
creationtimestamp | type | source
---|---|---
2025-02-07 18:02:56+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/3799...
Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-53677)
Summary: Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. Vulnerability Details: CVEID: CVE-2024-53677. DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some...
PT-2025-1358 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2025-23126 - CVE-2021-36344: Apache Struts Code Injection Vulnerability", "Content": "CVE ID : CVE-2025-23126 Published : Jan. 11, 2025, 3:15 p.m. | 42 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...
PT-2025-4833 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2025-23126 - CVE-2021-36344: Apache Struts Code Injection Vulnerability", "Content": "CVE ID : CVE-2025-23126 Published : Jan. 11, 2025, 3:15 p.m. | 42 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677 - Apache Struts 2 Remote Code Execution Vulnerabi...
About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability
About Remote Code Execution - Apache Struts CVE-2024-53677 vulnerability. Apache Struts is an open source software framework for building Java web applications. It allows developers to separate the application's business logic from the user interface. Due to its scalability and flexibility, Apach...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
Apache Struts Remote Code Execution Vulnerabili...
Apache Struts < 6.4.0 Unrestricted File Upload (S2-067)
Apache Struts versions prior to 6.4.0 are vulnerable to an upload logic flaw allowing an attacker to manipulate file upload parameters to enable path traversal and under some circumstances this can lead to a remote code execution. No source data...
K000149093: Apache Struts vulnerability CVE-2024-53677
Security Advisory Description: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apach...
Vulnerability fixed in Apache Struts
Apache has fixed a vulnerability in Apache Struts Versions from 2.0.0 to before 6.4.0. The vulnerability is in the way the file upload logic is implemented in the deprecated FileUploadInterceptor. This vulnerability can be exploited to execute arbitrary code on systems running these versions. Sin...
Upgrade Struts to avoid false-positive scanner warnings about CVE-2024-53677
h3. Issue Summary Recent CVE-2024-53677 at Struts triggers vulnerability scanners warning. panel:title=Bamboo is not affected Supported versions of Bamboo 9.2+, 9.6+, 10.2+ are not affected because FileUploadInterceptor doesn't handle uploaded files. panel h3. Steps to Reproduce See WEB-INB/lib...
Apache Struts file upload path traversal
Added: 12/20/2024. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A directory traversal vulnerability in Apache...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
Disclaimer Do not use the related technologies described in...