PT-2022-2374
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.5.29. Description: The issue arises from incorrect handling of Object Graph Navigation Language expressions, which can lead to security degradation. If a developer uses forced OGNL evaluation with the %...
Apache Struts 2 Security Vulnerability
A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...
Apache Struts 2.0.0 < 2.5.30 Possible Remote Code Execution vulnerability (S2-062)
The version of Apache Struts installed on the remote host is prior to 2.5.30. It is, therefore, affected by a vulnerability as referenced in the S2-062 advisory. The fix issued for CVE-2020-17530 (S2-061) was incomplete. Some of the tag's attributes could still perform a double evaluation if a...
Apache Struts Improper Input Validation Vulnerability
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions...
Security Bulletin: Multiple vulnerabilities in WebSphere Service Registry and Repository in packages such as Apache Struts and Node.js
Summary: Multiple security vulnerabilities in packages such as Apache Struts and Node.js affect WebSphere Service Registry and Repository. These have been addressed. Vulnerability Details: CVEID: CVE-2014-0114. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020
Summary: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020. Vulnerability Details: CVEID: CVE-2019-17267. DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...
Apache Struts Denial of Service (CVE-2006-1547)
A denial-of-service vulnerability exists in Apache Struts. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Security Bulletin: Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182
Summary: Struts v2 vulnerabilities affect IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-1181. DESCRIPTION: Apache Struts could allow a remote attacker ...
Apache Struts 1 Improper Input Validation Vulnerability
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
GHSA-JC35-Q369-45PV Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2020-17530 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.25)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2020-17530 Source advisory: OSV:GHSA-JC35-Q369-45PV...
Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...
Apache Struts 2.5.x Multiple Log4j Vulnerabilities (Log4Shell) - Active Check
Apache Struts is prone to multiple vulnerabilities in the Apache Log4j library.
Mageia: Security Advisory (MGASA-2016-0244)
The remote host is missing an update for the...
Apache Struts 2 Improper Input Validation Vulnerability
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2006-1547
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS)...
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS)...
Apache Struts 2.5.x < 2.5.28.1 Log4j RCE Vulnerability
Apache Struts is prone to a remote code execution (RCE) vulnerability in the Apache Log4j library.
Apache Struts 2.5.x < 2.5.28.2 Log4j DoS Vulnerability
Apache Struts is prone to a denial of service (DoS) vulnerability in the Apache Log4j library.
Log4Shell HTTP Scanner
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...