2549 matches found
F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...
Oracle MySQL Enterprise Monitor (October 2023 CPU)
The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Struts. Supported versions...
Ubuntu 16.04 ESM / 18.04 ESM : Apache Commons BeanUtils vulnerabilities (USN-4766-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4766-1 advisory. It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause ...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload request is denied. By sending a speciall...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a remote attacker cou...
Security Bulletin: Apache Struts Vulnerability
Summary Apache Struts Vulnerability Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a specially crafted request, a remote attacker coul...
Apache Struts SEoL (2.3.0.x <= x <= 2.3.37.x)
According to its version, Apache Struts is between 2.3.0.x and 2.3.37.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Apache Struts SEoL (1.0.x <= x <= 1.3.10.x)
According to its version, Apache Struts is between 1.0.x and 1.3.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
K000136957: Apache struts vulnerability CVE-2023-41835
Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...
Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI
Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2023-34149, CVE-2023-34396 Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containi...
Apache Struts Security Update (S2-065)
Apache Struts is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
PT-2023-7509 · Atlassian +1 · Confluence +1
Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.5.32 Apache Struts versions prior to 6.1.2.2 Apache Struts versions prior to 6.3.0.1 Confluence Data Center versions from 7.17.0 to 8.8.0 excluding 8.8.0 Confluence Data Center versions from 8.0.0 to 8.0.4...
Apache Struts 2.0.0 < 2.5.32 / 6.0.0 < 6.3.0.1 Denial of Service (S2-065)
The version of Apache Struts installed on the remote host is prior to 2.5.32 or 6.3.0.1. It is, therefore, affected by a vulnerability as referenced in the S2-065 advisory. - When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remai...
Security Bulletin: CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint.
Summary CVE-2023-34396 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when...
Security Bulletin: CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2023-34149 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw wit...
Security Bulletin: Apache Struts Vulnerability Affects IBM eDiscovery Manager (CVE-2023-34149, CVE-2023-34396)
Summary Multiple vulnerabilities in Apache Struts 2.5.30 may affect IBM eDiscovery Manager. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially craft...
Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager
Summary Multiple vulnerabilities in Apache Struts 2.3.x may affect IBM eDiscovery Manager. These are addressed. Vulnerability Details CVEID:CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on...
Security Bulletin: Multiple Vulnerabilities in Apache Struts 1.2.x Affect IBM eDiscovery Manager
Summary Multiple vulnerabilities in Apache Struts 1.2.x may affect IBM eDiscovery Manager. Vulnerability Details CVEID:CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2023-34396, CVE-2023-34149)
Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-34396, CVE-2023-34149 Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request...
A vulnerability in the Apache Struts software platform, related to unrestricted resource allocation, allows attackers to cause a denial of service.
The vulnerability in the Apache Struts software platform is related to unrestricted resource allocation. Exploiting this vulnerability can allow a malicious actor to cause a denial of service...