Debian: Security Advisory (DLA-292-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K40444230: Apache Struts 1 vulnerability CVE-2016-1181

Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue ...

K04403302: Apache Struts 1 vulnerability CVE-2016-1182

Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

Improper Input Validation in Apache Struts

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

Mageia: Security Advisory (MGASA-2016-0244)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache Struts 1 ActionForm Denial-of-Service Vulnerability

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service DoS...

Arbitrary code execution in Apache Commons BeanUtils

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0114)

Summary Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability by using the class parameter of an ActionForm object to manipulate the ClassLoade...

Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)

Summary A class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition Vulnerability Details This security vulnerability is fixed with available interim fixes and are...

Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2014-0114)

Summary There is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository v6.2, v6.3, v7.0 and v7.5. Vulnerability Details This vulnerability is fixed within WebSphere Application...

Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)

Binary data oraclewebcenterportalcpujan2018.nbin...

Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE

Remote command execution vulnerability in Apache Struts 2 Struts 1 plugin ActionMessage class error message input handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found CVE-2016-1181. It was reported that The Apache Struts 1 Validator contains a...

CVE-2016-1182

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue to CVE-2015-0899...

CVE-2016-1182

CVE-2016-1182 is referenced in Jira issues JSWSERVER-26635/26636 and JSDSERVER-16462/16461, tying the vulnerability to ActionServlet.java in Apache Struts 1.x (1.3.10) with improper Validator configuration. Exploitation concerns remote code execution (RCE) and DoS, with CVSS scores around 8.x (RC...

CVE-2016-1182

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

JVN#45093481: Multiple vulnerabilities in Apache Struts 2

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain multiple vulnerabilities listed below. Cross-site request forgery S2-038 - CVE-2016-4430 Version| Vector|...

Multiple Vulnerabilities in Apache Struts 1

Apache Struts is an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework product , Struts 1 and Struts 2. Apache Struts information leakage and denial of service vulnerabilities , remote...

Apache Struts 1 Cross-Site Scripting Vulnerability

Apache Struts is an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework product , Struts 1 and Struts 2. Apache Struts has a cross-site scripting vulnerability that can be exploited by remo...