CVE-2017-12611
CVE-2017-12611 is an Apache Struts vulnerability where an unintentional Freemarker expression in a tag can lead to remote code execution (RCE). The initial description specifies affected releases from Struts 2.0.0–2.3.33 and 2.5–2.5.10.1, due to using a Freemarker expression instead of string lit...
Apache Struts, RCE and Managing App Risk
People used to argue about whether cyber security is a business problem or a technical problem. But this frames the issue poorly. “Problem” and “solution” imply that there is a definitive “solve.” Cybercrime isn’t a technical problem that can be definitively solved. It is an inherent business ris...
Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
A denial-of-service vulnerability exists in the Apache Struts 2 REST plugin. The vulnerability is due to improper validation of XML input by the XStream library during the deserialization process. A remote attacker could exploit this vulnerability by sending a crafted XML payload to the target serv...
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...
CVE-2017-9805
CVE-2017-9805 affects the Apache Struts 2 REST plugin. The REST plugin uses an XStreamHandler with an XStream instance to deserialize XML without any type filtering, enabling remote code execution when processing crafted XML payloads. Affected versions are Struts 2.1.1–2.3.x before 2.3.34 and 2.5...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
In last week’s blog, I mentioned the Apache Struts vulnerability, which is still making headlines as estimates show that as many as 65 percent of Fortune 500 companies use it in some form. In addition, Equifax claims it has played a role in their breach affecting more than 143 million Americans. ...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. Recent assessments: Assessed...
The vulnerability in the Struts 1 plugin for the Apache Struts software platform allows attackers to execute arbitrary code.
The vulnerability in the Struts 1 plugin for the Apache Struts software framework exists due to insufficient validation of user-supplied data that forms part of the message. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the Freemarker package of the Apache Struts software platform allows an attacker to execute arbitrary code.
The vulnerability in the Freemarker package of the Apache Struts software platform exists due to incorrect processing of expressions written in the Object Graph Navigation Language (OGNL). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the REST plugin of the Apache Struts software framework allows an attacker to execute arbitrary code.
The vulnerability in the REST plugin for the Apache Struts software platform exists due to the lack of type filtering during deserialization of XML payloads. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the Jakarta Multipart parser on the Apache Struts software platform allows an attacker to execute arbitrary code.
The vulnerability in the Jakarta Multipart parser on the Apache Struts software platform arises from insufficient checks of the values of the Content-Type, Content-Disposition, and Content-Length headers. This allows attackers to execute commands on the target system...
Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop
Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices...
Lessons Learned from the Equifax Disaster
143 million U.S. consumers, Equifax.com users who may have been affected by the worst data breach in history, are receiving all sorts of advice, including a free TrustedID product license from Equifax. But despite numerous public reports about the incident, there are still many important...
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in the Apache Struts framework, which Apache had patched more than two months before the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another...
Equifax Hack Blamed on a Flaw in Apache Struts Framework
By Carolina. A flaw in the Apache Struts framework caused exposure of personal... This is a post from HackRead.com. Read the original post: Equifax Hack Blamed on a Flaw in Apache Struts Framework...
Apache Struts 2 Flaws Affect Multiple Cisco Products
After the massive Equifax data breach, which was believed to have been caused by a vulnerability in Apache Struts, Cisco has initiated an investigation into its products that incorporate a version of the popular Apache Struts 2 web application framework. Apache Struts is a free, open-source MVC framework f...