1986 matches found
The vulnerability of the Apache Struts software platform arises from insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sequence of characters “%” within tag attributes double evaluation of parameters as expressions ...
Me on the Equifax Breach
Testimony and Statement for the Record of Bruce Schneier Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet and Society at Harvard Law School Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerc...
Apache Struts Security Update (S2-027)
Apache Struts is prone to a remote code execution RCE vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Struts 'TextParseUtil.translateVariables' RCE Vulnerability (S2-027) - Linux
Apache Struts is prone to a remote code execution RCE vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apache Struts 'TextParseUtil.translateVariables()' Remote Code Execution Vulnerability
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
Design/Logic Flaw
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...
CVE-2016-3090
CVE-2016-3090 — Affected product and details : Apache Struts 2.x prior to 2.3.20 is vulnerable. The issue lies in the TextParseUtil.translateVariables method, exposed via a crafted OGNL expression using ANTLR tooling. Impact : remote code execution (RCE) with network access. Exploitation : attack...
Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE
Remote command execution vulnerability in Apache Struts 2 Struts 1 plugin ActionMessage class error message input handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache Struts Remote Code Execution Vulnerability (CNVD-2017-32355)
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
CVE-2016-4461
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...
Design/Logic Flaw
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...
CVE-2016-4461
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...
CVE-2016-4461
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...
CVE-2016-4461
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...
CVE-2016-4461
CVE-2016-4461: Apache Struts vulnerability causing remote code execution via forced double OGNL evaluation. IBM/security bulletins show affected IBM FlashSystem products (V840, V900, Storwize/SAN volumes) with vulnerable VRMFs and the need to upgrade to fixed code levels. IBM Bulletins list affec...
To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net
The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...