Lucene search

2549 matches found

Vulnrichment
added 2024/12/11 3:35 p.m., 33 views

CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

The file upload logic in Apache Struts is flawed. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can then be used to achieve remote code execution. This issue affects Apache Struts: from 2.0.0 before...

CVSS 9.5 | AI score 6.5 | EPSS 0.78198
Exploits 15 | References 1
CVE
added 2024/12/11 3:35 p.m., 4380 views

CVE-2024-53677

CVE-2024-53677 affects Apache Struts 2 (from 2.0.0 up to, but not including, 6.4.0). The root cause is flawed file upload logic that can be manipulated to enable path traversal, potentially allowing a malicious file upload and, under certain conditions, remote code execution (RCE). Public PoCs an...

CVSS 9.8 | AI score 6.5 | EPSS 0.78198
Exploits 15 | References 2 | Affected software 1
CNNVD
added 2024/12/11 12:00 a.m., 6 views

Apache Struts security vulnerability

Apache Struts is an open source project of the Apache Software Foundation (United States): a set of open source MVC frameworks for building enterprise-class Java web applications, offered mainly in two framework versions, Struts 1 and Struts 2. Apache Struts has a file upload...

CVSS 9.8 | AI score 8.2 | EPSS 0.78198
Exploits 15 | References 4
Positive Technologies
added 2024/11/26 12:00 a.m., 5 views

PT-2024-9392

Vulnerability summary. Name of the vulnerable software and affected versions: Apache Struts versions 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, and 6.0.0 through 6.3.0.2. Description: a critical flaw exists in the file upload logic of Apache Struts. An attacker can manipulate file upload parameter...

CVSS 9.8 | AI score 9.8 | EPSS 0.78198
Exploits 15 | References 175
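The four CVE-2024-53677 entries above describe the same root cause: a file name the client controls reaches the code that decides where an upload is written. The following is an added illustration, not Apache Struts source or its patch. The action shape follows the conventional `setUpload`/`setUploadFileName` setter pair, and the upload root `/var/app/uploads` is an assumption for the example. It contrasts a destination computed directly from the supplied name with one that strips directory components and confirms the normalized result still lies under the upload root.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added illustration (not Apache Struts code): how an attacker-controlled
 * file-name parameter turns into path traversal, and the check that stops it.
 * The upload root below is an assumption for the example.
 */
public class UploadTargetDemo {

    // Hypothetical upload directory; any absolute path works for the demo.
    static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    /** Vulnerable pattern: the client-supplied name is joined straight onto the root. */
    static Path vulnerableTarget(String uploadFileName) {
        return UPLOAD_ROOT.resolve(uploadFileName).normalize();
    }

    /** Hardened pattern: keep only the last path component, reject dot names and
     *  NUL bytes, then confirm the normalized target is still inside UPLOAD_ROOT. */
    static Path safeTarget(String uploadFileName) {
        if (uploadFileName == null || uploadFileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // Treat both separator styles as directory separators before stripping.
        String base = uploadFileName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..") || base.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name: " + uploadFileName);
        }
        Path target = UPLOAD_ROOT.resolve(base).normalize();
        // Defensive re-check: after stripping, the target must still start with the root.
        if (!target.startsWith(UPLOAD_ROOT)) {
            throw new IllegalArgumentException("target escapes upload root: " + uploadFileName);
        }
        return target;
    }

    /** Minimal stand-in for an upload action with the conventional setter pair. */
    static class UploadAction {
        private String uploadFileName;   // populated from the request parameter
        public void setUploadFileName(String name) { this.uploadFileName = name; }
        Path vulnerableDestination() { return vulnerableTarget(uploadFileName); }
        Path safeDestination()       { return safeTarget(uploadFileName); }
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign name and a traversal sequence an attacker
        // could place in the file-name parameter.
        String[] names = { "report.pdf", "../../../webapps/ROOT/shell.jsp" };
        for (String name : names) {
            UploadAction action = new UploadAction();
            action.setUploadFileName(name);
            System.out.println("name: " + name);
            System.out.println("  vulnerable -> " + action.vulnerableDestination());
            try {
                System.out.println("  safe       -> " + action.safeDestination());
            } catch (IllegalArgumentException e) {
                System.out.println("  safe       -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Run it with `javac UploadTargetDemo.java && java UploadTargetDemo`. The point of the advisory title ("mixing setters ... can allow bypass file upload checks") is that a field may be populated through more than one entry point; the check therefore has to run on the value actually used to build the destination, whichever setter filled it, rather than only in an interceptor that inspects one of them.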
ATTACKERKB
added 2024/11/22 8:15 p.m., 1 view

CVE-2023-51644

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | AI score 6.3 | EPSS 0.01925
Exploits 0 | References 3
OSV
added 2024/11/22 8:15 p.m., 3 views

CVE-2023-51644

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.3 | AI score 6.3 | EPSS 0.01925
Exploits 0 | References 2
NVD
added 2024/11/22 8:15 p.m., 9 views

CVE-2023-51644

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | EPSS 0.01925
Exploits 0 | References 2
Vulnrichment
added 2024/11/22 8:05 p.m., 14 views

CVE-2023-51644 Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | AI score 9.9 | EPSS 0.01925
Exploits 0 | References 2
Cvelist
added 2024/11/22 8:05 p.m., 23 views

CVE-2023-51644 Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | EPSS 0.01925
Exploits 0 | References 2
CVE
added 2024/11/22 8:05 p.m., 46 views

CVE-2023-51644

CVE-2023-51644 concerns improper access control in the Allegra SiteConfigAction. The flaw enables remote code execution in the context of LOCAL SERVICE without authentication. The affected component is the Struts-based configuration logic within Allegra; exploitation is possible over the network...

CVSS 9.8 | AI score 9.9 | EPSS 0.01925
Exploits 0 | References 2 | Affected software 1
IBM Security Bulletins
added 2024/11/14 3:53 p.m., 17 views

Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service

Summary: IBM B2B File Gateway is affected by an Apache Struts vulnerability leading to denial of service. Vulnerability details: CVE ID: CVE-2023-41835. Description: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...

CVSS 7.5 | AI score 6.7 | EPSS 0.06286
Exploits 0 | Affected software 1
BDU FSTEC
added 2024/10/29 12:00 a.m., 4 views

A vulnerability in the struts2-core library of the Apache Struts software platform allows attackers to cause a denial of service.

The vulnerability in the struts2-core library of the Apache Struts software platform stems from insufficient validation of input data. Exploiting it can allow an attacker to cause a denial of service using specially crafted XML files...

CVSS 7.8 | AI score 7.2 | EPSS 0.09224
Exploits 1 | References 2 | Affected software 2
BDU FSTEC
added 2024/10/29 12:00 a.m., 6 views

A vulnerability in the struts2-core library of the Apache Struts software platform allows attackers to cause a denial of service.

The vulnerability in the struts2-core library of the Apache Struts software platform stems from insufficient validation of input data. Exploiting it can allow an attacker to cause a denial of service using specially crafted XML files...

CVSS 7.8 | AI score 7.5 | EPSS 0.07268
Exploits 0 | References 3 | Affected software 2
BDU FSTEC
added 2024/10/29 12:00 a.m., 4 views

A vulnerability in the struts2-core library of the Apache Struts software platform allows attackers to cause a denial of service.

The vulnerability in the struts2-core library of the Apache Struts software platform stems from improper preservation of permissions. Exploiting it can allow an attacker to cause a denial of service using specially crafted files...

CVSS 7.8 | AI score 7 | EPSS 0.70082
Exploits 0 | References 5 | Affected software 7
BDU FSTEC
added 2024/10/29 12:00 a.m., 6 views

A vulnerability in the struts2-core library of the Apache Struts software platform allows attackers to execute arbitrary code.

The vulnerability in the struts2-core library of the Apache Struts software platform stems from unrestricted upload of files with a dangerous type. Exploiting it allows an attacker to execute arbitrary code by sending a specially crafted XSLT file...

CVSS 9 | AI score 8 | EPSS 0.2855
Exploits 0 | References 4 | Affected software 2
GithubExploit
added 2024/10/06 2:58 p.m., 148 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 PoC. This repository is a proof of concept (PoC)...

CVSS 9.8 | AI score 9.9 | EPSS 0.80819
Exploits 15
Tenable Nessus
added 2024/09/24 12:00 a.m., 30 views

Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)

The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by a vulnerability as referenced in the S2-008 advisory. - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute...

CVSS 6.8 | AI score 8.6 | EPSS 0.74405
Exploits 9 | References 2
OSV
added 2024/09/20 1:48 p.m., 11 views

RHSA-2014:0500 Red Hat Security Advisory: struts security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.95821
Exploits 4 | References 7
OSV
added 2024/09/20 1:48 p.m., 14 views

RHSA-2014:0474 Red Hat Security Advisory: struts security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.95821
Exploits 4 | References 7
IBM Security Bulletins
added 2024/09/18 7:32 p.m., 47 views

Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data

Summary: there are multiple CVEs fixed in this security bulletin. For the FasterXML jackson-databind CVEs, jackson-databind could allow a remote attacker to execute arbitrary code on the system. For CVE-2017-7525, Apache Struts could also allow a remote attacker to execute arbitrary code on the...

CVSS 9.8 | AI score 9.4 | EPSS 0.49727
Exploits 10 | Affected software 1