1986 matches found

BDU FSTEC
added 2017/11/23 12:0 a.m. | 5 views

The vulnerability of the Apache Struts software platform arises from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sequence of characters “%” within tag attributes double evaluation of parameters as expressions ...

CVSS 9 | AI score 8 | EPSS 0.08341
Exploits: 0 | References: 3 | Affected Software: 1

Schneier on Security
added 2017/11/08 12:33 p.m. | 52 views

Me on the Equifax Breach

Testimony and Statement for the Record of Bruce Schneier, Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School; Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerc...

AI score 6.4
Exploits: 0

OpenVAS
added 2017/11/02 12:0 a.m. | 19 views

Apache Struts Security Update (S2-027)

Apache Struts is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS 8.8 | AI score 8.9 | EPSS 0.06142
Exploits: 0 | References: 3

OpenVAS
added 2017/11/02 12:0 a.m. | 27 views

Apache Struts 'TextParseUtil.translateVariables' RCE Vulnerability (S2-027) - Linux

Apache Struts is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 8.8 | AI score 8.8 | EPSS 0.06142
Exploits: 0 | References: 2

CNVD
added 2017/11/02 12:0 a.m. | 3 views

Apache Struts 'TextParseUtil.translateVariables()' Remote Code Execution Vulnerability

Apache Struts is an open source project maintained by the Apache Software Foundation (United States). It is an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2...

CVSS 8.8 | AI score 9 | EPSS 0.06142
Exploits: 0 | References: 1

Prion
added 2017/10/30 2:29 p.m. | 22 views

Design/Logic Flaw

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVSS 6.5 | AI score 8 | EPSS 0.06142
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2017/10/30 2:29 p.m. | 25 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVSS 8.8 | AI score 7.6 | EPSS 0.06142
Exploits: 0 | References: 3

NVD
added 2017/10/30 2:29 p.m. | 23 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVSS 8.8 | AI score 8.8 | EPSS 0.06142
Exploits: 0 | References: 4

OSV
added 2017/10/30 2:29 p.m. | 16 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

CVSS 8.8 | AI score 7.7
Exploits: 0 | References: 4

Cvelist
added 2017/10/30 2:0 p.m. | 25 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

AI score 8.8 | EPSS 0.06142
Exploits: 0 | References: 4

CVE
added 2017/10/30 2:0 p.m. | 60 views

CVE-2016-3090

CVE-2016-3090 — Affected product and details: Apache Struts 2.x prior to 2.3.20 is vulnerable. The issue lies in the TextParseUtil.translateVariables method, exposed via a crafted OGNL expression using ANTLR tooling. Impact: remote code execution (RCE) with network access. Exploitation: attack...

CVSS 8.8 | AI score 8.7 | EPSS 0.06142
Exploits: 0 | References: 4 | Affected Software: 1

Dsquare
added 2017/10/20 12:0 a.m. | 122 views

Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE

Remote command execution vulnerability in Apache Struts 2 Struts 1 plugin ActionMessage class error message input handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

CVSS 7.5 | AI score 1.3 | EPSS 0.98931
Exploits: 19

CNVD
added 2017/10/19 12:0 a.m. | 3 views

Apache Struts Remote Code Execution Vulnerability (CNVD-2017-32355)

Apache Struts is an open source project maintained by the Apache Software Foundation (United States). It is an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2...

CVSS 9 | AI score 9 | EPSS 0.08341
Exploits: 0 | References: 1

NVD
added 2017/10/16 4:29 p.m. | 21 views

CVE-2016-4461

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 9 | AI score 8.9 | EPSS 0.08341
Exploits: 0 | References: 3

Prion
added 2017/10/16 4:29 p.m. | 30 views

Design/Logic Flaw

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 9 | AI score 8 | EPSS 0.08812
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2017/10/16 4:29 p.m. | 40 views

CVE-2016-4461

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 9 | AI score 7.3 | EPSS 0.08341
Exploits: 0 | References: 2

OSV
added 2017/10/16 4:29 p.m. | 33 views

CVE-2016-4461

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 8.8 | AI score 8.3
Exploits: 0 | References: 3

Cvelist
added 2017/10/16 4:0 p.m. | 25 views

CVE-2016-4461

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

AI score 8.9 | EPSS 0.08341
Exploits: 0 | References: 3

CVE
added 2017/10/16 4:0 p.m. | 78 views

CVE-2016-4461

CVE-2016-4461: Apache Struts vulnerability causing remote code execution via forced double OGNL evaluation. IBM/security bulletins show affected IBM FlashSystem products (V840, V900, Storwize/SAN volumes) with vulnerable VRMFs and the need to upgrade to fixed code levels. IBM Bulletins list affec...

CVSS 9 | AI score 8.8 | EPSS 0.08341
Exploits: 0 | References: 3 | Affected Software: 1

myhack58
added 2017/10/11 12:0 a.m. | 46 views

To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net

The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...

AI score 7.7
Exploits: 0