184 matches found
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
CVE-2017-5638
The CVE-2017-5638 issue affects Apache Struts 2, specifically 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1. The Jakarta Multipart parser mishandles file uploads, leading to remote code execution via crafted Content-Type, Content-Disposition, or Content-Length headers (notably with a #cmd= payloa...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
VMSA-2017-0004:VMware product updates resolve remote code execution vulnerability via Apache Struts 2
VMSA-2017-0004.7 VMware product updates resolve remote code execution vulnerability via Apache Struts 2 VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0004.7 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware product updates resolve...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo Affected versions: All versions o...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo Affected versions: All versions o...
Apache Struts 2 Remote Code Execution (CVE-2017-5638)
Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
CVE-2017-5638 Apache Struts 2 Vulnerability Remote Code Execution Reverse shell from target Author: anarc0der - github.com/anarcoder Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce.py...
CVE-2017-5638
A flaw was reported in Apache Struts 2 that could allow an attacker to perform remote code execution with a malicious Content-Type value...
How fast the use of s02-45 vulnerability to gain server access-vulnerability warning-the black bar safety net
1.1 CVE-2017-5638 vulnerability profile Apache Struts 2 is the world's most popular JavaWeb Server framework. However, in Struts 2 found that the presence of high-risk security vulnerability, CVE-2017-5638,S02-45,and the vulnerability impact to: Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts2...
Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...
SOL43167094 - Apache Struts 2 vulnerability CVE-2016-6795
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Input validation
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2016-4438
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...
CVE-2016-4465
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field...
CVE-2016-4438
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...
Cross site request forgery (csrf)
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request...