Lucene search
K

65 matches found

NVD
NVD
added 2016/04/12 4:59 p.m.25 views

CVE-2016-0785

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...

9CVSS8.8AI score0.08812EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/04/12 4:0 p.m.30 views

CVE-2016-0785

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...

8.8AI score0.08812EPSS
Exploits0References3
CVE
CVE
added 2016/04/12 4:0 p.m.96 views

CVE-2016-0785

CVE-2016-0785 affects Apache Struts 2.x; vulnerability arises from a double OGNL evaluation in tag attributes (forced OGNL). Affected versions include Struts 2.x before 2.3.29 (with references across IBM advisories and OSVs). Exploitation status is not detailed in the provided documents. Remediat...

9CVSS8.7AI score0.08812EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2013/03/14 3:10 a.m.25 views

CVE-2012-4446

The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...

6.8CVSS7AI score0.04913EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/20 9:33 p.m.8 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
Rows per page
Query Builder