Lucene search
+L

184 matches found

NVD
NVD
added 2017/03/11 2:59 a.m.27 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

10CVSS9.1AI score0.99999EPSS
Exploits44References34
OSV
OSV
added 2017/03/11 2:59 a.m.58 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

9.8CVSS8.2AI score0.99999EPSS
Exploits44References34
UbuntuCve
UbuntuCve
added 2017/03/11 2:59 a.m.75 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

10CVSS7.4AI score0.99999EPSS
Exploits44References3
CVE
CVE
added 2017/03/11 2:11 a.m.1782 views

CVE-2017-5638

The CVE-2017-5638 issue affects Apache Struts 2, specifically 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1. The Jakarta Multipart parser mishandles file uploads, leading to remote code execution via crafted Content-Type, Content-Disposition, or Content-Length headers (notably with a #cmd= payloa...

10CVSS9.2AI score0.99999EPSS
In wildExploits44References34Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/03/11 12:0 a.m.158 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

10CVSS1.8AI score0.99999EPSS
In wildExploits44References45
VMware
VMware
added 2017/03/11 12:0 a.m.1071 views

VMSA-2017-0004:VMware product updates resolve remote code execution vulnerability via Apache Struts 2

VMSA-2017-0004.7 VMware product updates resolve remote code execution vulnerability via Apache Struts 2 VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0004.7 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware product updates resolve...

10CVSS10AI score0.99999EPSS
Exploits44References36Affected Software4
Atlassian
Atlassian
added 2017/03/10 4:57 a.m.103 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo Affected versions: All versions o...

10CVSS1.5AI score0.99999EPSS
Exploits44
Atlassian
Atlassian
added 2017/03/10 4:57 a.m.814 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo Affected versions: All versions o...

10CVSS1.5AI score0.99999EPSS
Exploits44Affected Software1
Atlassian
Atlassian
added 2017/03/10 4:31 a.m.836 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...

10CVSS1.4AI score0.99999EPSS
Exploits44Affected Software1
Packet Storm
Packet Storm
added 2017/03/10 12:0 a.m.892 views

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution

CVE-2017-5638 Apache Struts 2 Vulnerability Remote Code Execution Reverse shell from target Author: anarc0der - github.com/anarcoder Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce.py...

0.2AI score0.99999EPSS
Exploits44
RedhatCVE
RedhatCVE
added 2017/03/08 11:53 a.m.73 views

CVE-2017-5638

A flaw was reported in Apache Struts 2 that could allow an attacker to perform remote code execution with a malicious Content-Type value...

10CVSS4.4AI score0.99999EPSS
Exploits44References2
myhack58
myhack58
added 2017/03/08 12:0 a.m.3272 views

How fast the use of s02-45 vulnerability to gain server access-vulnerability warning-the black bar safety net

1.1 CVE-2017-5638 vulnerability profile Apache Struts 2 is the world's most popular JavaWeb Server framework. However, in Struts 2 found that the presence of high-risk security vulnerability, CVE-2017-5638,S02-45,and the vulnerability impact to: Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts2...

0.99999EPSS
Exploits44
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/01/20 5:1 a.m.5 views

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

6.8CVSS7.4AI score
Exploits0References4
F5 Networks
F5 Networks
added 2016/11/28 12:0 a.m.65 views

SOL43167094 - Apache Struts 2 vulnerability CVE-2016-6795

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.8AI score0.08438EPSS
Exploits0References4
Prion
Prion
added 2016/10/03 3:59 p.m.26 views

Input validation

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...

7.5CVSS7.3AI score0.06549EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2016/10/03 3:59 p.m.32 views

CVE-2016-4436

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...

9.8CVSS7.2AI score0.06549EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2016/07/06 3:21 a.m.56 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

9.8CVSS9.3AI score0.17171EPSS
Exploits2References2
NVD
NVD
added 2016/07/04 10:59 p.m.24 views

CVE-2016-4465

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field...

5.3CVSS5.2AI score0.10638EPSS
Exploits0References7
OSV
OSV
added 2016/07/04 10:59 p.m.8 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

9.8CVSS9.6AI score
Exploits0References6
Prion
Prion
added 2016/07/04 10:59 p.m.22 views

Cross site request forgery (csrf)

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request...

5CVSS7AI score0.10013EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder