Apache Struts Security Update (S2-018)
The remote host is missing a security update for Apache Struts announced via the referenced advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Security Bulletin: IBM Security Identity Manager deprecated Self Service UI contains Struts V1 (CVE-2016-1182)
Summary IBM Security Identity Manager made code changes to remove the deprecated function and its related Struts V1 code library. Vulnerability Details CVEID: CVE-2016-1182 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly...
A vulnerability in the getMultipartRequestHandler method of the Apache Struts software framework allows an attacker to cause a service failure.
The vulnerability in the getMultipartRequestHandler method of the Apache Struts software framework is caused by resource release errors. Exploiting this vulnerability could allow an attacker to cause service failures...
A vulnerability in the ExceptionDelegator component of the Apache Struts software framework allows an attacker to execute arbitrary code.
The vulnerability in the ExceptionDelegator component of the Apache Struts software framework exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Security Bulletin: IBM Security Identity Manager Virtual Appliance deprecated Self Service UI contains Struts V1 (CVE-2016-1182)
Summary IBM Security Identity Manager Virtual Appliance made code changes to remove the deprecated function and its associated Struts V1 code library. Vulnerability Details CVEID: CVE-2016-1182 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the...
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...
Security Bulletin: One vulnerability in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine (CVE-2014-0114)
Summary A security vulnerability exists in IBM FileNet Content Manager, IBM Content Foundation, IBM FileNet Content Federation Services and IBM FileNet Legacy Content Search Engine. See the individual descriptions for the details. Vulnerability Details CVEID: CVE-2014-0114 CVE-2014-0114...
Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)
The version of Apache Struts installed on the remote host is prior to 2.5.26. It is, therefore, affected by a vulnerability as referenced in the S2-061 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2020-17530, CVE-2020-1971)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending...
Plan managed by specs allows to modify artifact dependencies with UI
h3. Issue Summary RSS-managed plan should be in View mode for every tab and page. h3. Steps to Reproduce Create a plan managed by RSS with artifact subscription settings. Open the Plan config page and visit the artifacts tab of the job. Click the Edit or Delete button of the artifact subscription item. h3. Expected Resul...
K8tools
K8tools is an offensive tool collection for web application exploitation. The repository contains tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-virus evasion tools. The primary...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Apache Struts 2.x < 2.5.22 Remote Code Execution (S2-059)
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. No source data...
Apache Struts 2.x < 2.5.26 Remote Code Execution (S2-061)
Apache Struts 2.0.0 to 2.5.26 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. No source data...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology
Summary Multiple vulnerabilities in WebSphere Application Server traditional bundled with IBM Jazz Team Server based Applications affect the following products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team...
Apache Struts 2.x < 2.3.34 / 2.5.x < 2.5.12 Remote Code Execution (S2-053)
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a Remote Code Execution. No source data...
Apache Struts 2.1.6 < 2.3.34 / 2.5 < 2.5.13 Remote Code Execution (S2-052)
The REST Plugin in Apache Struts 2.1.6 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. No source data...
Apache Struts 2 < 2.3.33 Remote Code Execution (S2-048)
The Struts 1 plugin in Apache Struts 2 2.3.33 might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage class. No source data...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)
Summary IBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-1181...