Lucene search

1986 matches found

OpenVAS
added 2017/10/06 12:0 a.m. | 33 views

Apache Struts 'Problem Report' XSS Vulnerability (S2-025)

Apache Struts is prone to a cross-site scripting (XSS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 6.1 | AI score 6.2 | EPSS 0.08027
Exploits 0 | References 3

Tenable Nessus
added 2017/10/04 12:0 a.m. | 70 views

Oracle WebLogic Server Multiple Vulnerabilities

Binary data oracleweblogicserverCVE-2017-9805.nbin...

CVSS 10 | AI score 8.5 | EPSS 0.99999
Exploits 90 | References 12

The Hacker News
added 2017/10/02 9:23 p.m. | 128 views

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed. Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month,...

CVSS 10 | AI score 9.2 | EPSS 0.99999
Exploits 44

Fortinet
added 2017/09/29 12:0 a.m. | 66 views

Apache Struts RCE Vulnerability

Multiple Remote Code Execution vulnerabilities (CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) are affecting Apache Struts...

CVSS 6.8 | AI score 3.4 | EPSS 0.99461
Exploits 23

Broadcom
added 2017/09/29 12:0 a.m. | 6 views

BSA-2017-438

Security Advisory ID: BSA-2017-438 Component: Apache Struts Revision: 2.0: Interim It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code. Affected Products Brocade is investigati...

CVSS 9.8 | AI score 7.4 | EPSS 0.8802
Exploits 6

OpenVAS
added 2017/09/28 12:0 a.m. | 20 views

Apache Struts DoS Vulnerability (S2-044) - Linux

Apache Struts is prone to a Denial of Service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5.9 | AI score 5.6 | EPSS 0.03347
Exploits 0 | References 2

OpenVAS
added 2017/09/28 12:0 a.m. | 23 views

Apache Struts Path Traversal Vulnerability (S2-042) - Linux

Apache Struts is prone to a path traversal vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 9.8 | AI score 9.4 | EPSS 0.08438
Exploits 0 | References 2

OpenVAS
added 2017/09/28 12:0 a.m. | 20 views

Apache Struts Security Update (S2-044)

Apache Struts is prone to a Denial of Service (DoS) vulnerability. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 5.9 | AI score 5.6 | EPSS 0.03347
Exploits 0 | References 5

OpenVAS
added 2017/09/28 12:0 a.m. | 22 views

Apache Struts Security Update (S2-042)

Apache Struts is prone to a path traversal vulnerability. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVSS 9.8 | AI score 9.5 | EPSS 0.08438
Exploits 0 | References 5

ThreatPost
added 2017/09/26 2:28 p.m. | 74 views

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug

Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability (CVE-2017-9805) that could let an attacker take control of an affected system, late last week. The Apache Software Foundation patched the RCE...

CVSS 10 | AI score 9.2 | EPSS 0.99999
Exploits 90 | References 10

UbuntuCve
added 2017/09/25 9:29 p.m. | 26 views

CVE-2015-5169

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20...

CVSS 6.1 | AI score 6.7 | EPSS 0.08027
Exploits 0 | References 3

Prion
added 2017/09/25 9:29 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20...

CVSS 4.3 | AI score 6.1 | EPSS 0.08027
Exploits 0 | References 6 | Affected Software 1

NVD
added 2017/09/25 9:29 p.m. | 18 views

CVE-2015-5169

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20...

CVSS 6.1 | AI score 6.5 | EPSS 0.08027
Exploits 0 | References 6

CVE
added 2017/09/25 9:0 p.m. | 78 views

CVE-2015-5169

Apache Struts is affected by an XSS vulnerability (CVE-2015-5169) present in Struts versions prior to 2.3.20. When debug mode is enabled, specially crafted inputs can trigger arbitrary script execution in a victim’s browser in the context of the web application. Public advisories and vendor notes...

CVSS 6.1 | AI score 5.9 | EPSS 0.08027
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2017/09/25 9:0 p.m. | 30 views

CVE-2015-5169

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20...

AI score 6.1 | EPSS 0.08027
Exploits 0 | References 6

CISA
added 2017/09/25 12:0 a.m. | 89 views

Oracle Patches Apache Vulnerabilities

Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert and...

CVSS 6.8 | AI score 2.6 | EPSS 0.99461
Exploits 23 | References 1

UbuntuCve
added 2017/09/20 5:29 p.m. | 43 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

CVSS 9.8 | AI score 7.3 | EPSS 0.8802
Exploits 6 | References 2

UbuntuCve
added 2017/09/20 5:29 p.m. | 25 views

CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...

CVSS 7.5 | AI score 7.2 | EPSS 0.09507
Exploits 23 | References 2

Prion
added 2017/09/20 5:29 p.m. | 18 views

Design/Logic Flaw

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...

CVSS 4.3 | AI score 6.8 | EPSS 0.03347
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2017/09/20 5:29 p.m. | 32 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

CVSS 7.5 | AI score 7.2 | EPSS 0.07268
Exploits 0 | References 2