2549 matches found

Packet Storm
added 2024/09/01 12:0 a.m. · 503 views

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

CVSS: 10 · AI score: 10 · EPSS: 0.99999
Exploits: 348

Positive Technologies
added 2024/07/29 12:0 a.m. · 2 views

PT-2024-10756 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a path traversal vulnerability. No specific details about the vulnerability, affected devices, or real-world incidents are provided. Recommendations: At the moment,...

AI score: 7
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-10753 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2019-6162 - CVE-2020-35518: Apache Struts Command Injection Vulnerability", "Content": "CVE ID : CVE-2019-6162 Published : July 29, 2024, 9:15 p.m. | 29 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.01538
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/29 12:0 a.m. · 4 views

PT-2024-10607 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a Server-Side Request Forgery (SSRF) in Apache Struts. No information is provided about the estimated number of potentially affected devices worldwide or real-world...

AI score: 7.1
Exploits: 0 · References: 2

GithubExploit
added 2024/07/10 3:35 a.m. · 61 views

Mirage

It is an offensive tool for web exploitation. The tool targets t...

AI score: 8.8
Exploits: 0

SUSE CVE
added 2024/06/04 12:57 p.m. · 8 views

SUSE CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.85101
Exploits: 7 · References: 4

Tenable Nessus
added 2024/06/03 12:0 a.m. · 25 views

RHEL 5 : struts (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - struts: Vulnerability in ActionForm allows unintended remote operations against components on server memo...

CVSS: 8.2 · AI score: 7.7 · EPSS: 0.2593
Exploits: 0 · References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. · 33 views

RHEL 5 : struts (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - struts: Vulnerability in ActionForm allows unintended remote operations against components on server memo...

AI score: 8.7 · EPSS: 0.2593
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/05/03 11:2 a.m. · 49 views

Security Bulletin: Due to use of Apache Struts, Netcool Operation Insight is vulnerable to arbitrary code execution.

Summary Apache Struts is used by Netcool Operations Insight as part of internal services CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary...

CVSS: 9.8 · AI score: 9.8 · EPSS: 0.80819
Exploits: 15 · Affected Software: 1

ATTACKERKB
added 2024/05/03 3:16 a.m. · 0 views

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.01603
Exploits: 0 · References: 2 · Affected Software: 1

IBM Security Bulletins
added 2024/05/01 9:28 a.m. · 37 views

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected CVE-2023-50164. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remo...

CVSS: 9.8 · AI score: 9.8 · EPSS: 0.80819
Exploits: 15 · Affected Software: 13

Atlassian
added 2024/04/25 5:10 p.m. · 33 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.05467
Exploits: 0

IBM Security Bulletins
added 2024/04/18 12:30 p.m. · 57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.80819
Exploits: 15 · Affected Software: 1

VulnCheck KEV
added 2024/04/15 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

CVSS: 9.8 · AI score: 7.4 · EPSS: 0.8802
Exploits: 6 · References: 1

IBM Security Bulletins
added 2024/04/12 5:44 p.m. · 51 views

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

CVSS: 10 · AI score: 10 · EPSS: 0.97909
Exploits: 93 · Affected Software: 1

IBM Security Bulletins
added 2024/04/12 5:35 p.m. · 56 views

Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.

Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2012-0838, CVE-2011-1772, CVE-2008-6504, CVE-2010-1870, CVE-2012-0394, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...

CVSS: 10 · AI score: 9.8 · EPSS: 0.91079
Exploits: 34 · Affected Software: 1

F5 Networks
added 2024/03/26 6:29 p.m. · 30 views

K000139043: Apache Struts vulnerabilities CVE-2016-4430, CVE-2016-4431, and CVE-2016-4433

Security Advisory Description CVE-2016-4430 Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. CVE-2016-4431 Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers ...

CVSS: 8.8 · AI score: 7.6 · EPSS: 0.10013
Exploits: 0

Tenable Nessus
added 2024/02/28 12:0 a.m. · 26 views

Atlassian Confluence 1.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94106)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94106 advisory. - This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 1.0.1 of Confluence Data Center and...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.06286
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/02/22 4:27 p.m. · 25 views

Security Bulletin: Due to use of Apache Struts, IBM Sterling File Gateway is affected by denial of service vulnerabilities (CVE-2023-34149, CVE-2023-34396)

Summary IBM Sterling File Gateway uses Apache Struts. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.05467
Exploits: 0 · Affected Software: 1

Zero Day Initiative
added 2024/02/09 12:0 a.m. · 11 views

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.01925
Exploits: 0 · References: 1