65 matches found
CVE-2016-0785
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...
CVE-2016-0785
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...
CVE-2016-0785
CVE-2016-0785 affects Apache Struts 2.x; vulnerability arises from a double OGNL evaluation in tag attributes (forced OGNL). Affected versions include Struts 2.x before 2.3.29 (with references across IBM advisories and OSVs). Exploitation status is not detailed in the provided documents. Remediat...
CVE-2012-4446
The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...