1986 matches found
Apache Foundation Refutes Involvement in Equifax Breach
A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage with those claims over the weekend. René Gielen, vice president of the Apache Struts Project Management Committee PMC at the Apache Software Foundation, wrote Saturday th...
Struts2 new flaws vulnerability bug(S2-052 presents the use case, and face the vulnerability flaws of the enterprise-the race against time-vulnerability warning-the black bar safety net
Prior to the black bar safety net it S2-052)vulnerabilities done in a special thematic report, I believe we also have understand! Recently from the Cisco Talos experimental study of the analysis chamber and NVISO laboratory for the research staff also found that there was an attacker of real use ...
Cisco Releases Security Advisories
Cisco has released advisories describing Apache Struts 2 vulnerabilities potentially affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories...
Apache Struts DoS Vulnerability (S2-050) - Linux
Apache Struts is prone to a regular expression Denial of Service DoS vulnerability when using URLValidator. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Apache Struts Security Update (S2-050)
Apache Struts is prone to a regular expression Denial of Service DoS vulnerability when using URLValidator. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Apache Struts Security Update (S2-053) - Active Check
Apache Struts is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Deserialization of Untrusted Data in Apache Struts
apache-struts-pwn - CVE-2017-9805 Exploit ============ An...
Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. T...
CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
Just two months ago we published an analysis of a critical remote code execution RCE security vulnerability in Apache Struts. Now Apache Struts has published a new version fixing yet another critical RCE vulnerability September 5, 2017. CVE-2017-9805 is a vulnerability in Apache Struts related to...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 4, 2017
Earlier this week, a ‘severe’ vulnerability was discovered in Apache Struts, an open source framework for developing applications in Java. The vulnerability, CVE-2017-9805, affects all versions of Struts since 2008 and all applications using the framework’s REST plugin are vulnerable. Trend Micro...
Equifax breach: What you need to know [updated]
updates 9/14/2017 Equifax has released information and confirmed the vulnerability CVE-2017-5638 that was used in this breach after several days of intense scrutiny around Apache Struts. To make matters worse, there already was a patch available for this flaw in March 2017, two months prior to th...
Exploit for Improper Input Validation in Apache Struts
S2-053-CVE-2017-12611 A simple script for exploit RCE for Stru...
Apache Struts 2 REST Plugin XStream RCE
Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12, using the REST plugin, are vulnerable to a Java deserialization attack in the XStream library. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework clas...
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" i...
Apache Struts REST plugin XStream deserialization vulnerability
Added: 09/08/2017 CVE: CVE-2017-9805 BID: 100609 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The REST plugi...
Apache Struts REST plugin XStream deserialization vulnerability
Added: 09/08/2017 CVE: CVE-2017-9805 BID: 100609 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The REST plugi...
Apache Struts REST plugin XStream deserialization vulnerability
Added: 09/08/2017 CVE: CVE-2017-9805 BID: 100609 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The REST plugi...
CVE-2017-9805: Apache Struts Remote Code Execution | Cloud Foundry
Severity Advisory/Critical Vendor Apache Versions Affected Apache Struts 2: 2.3.x versions prior to 2.3.34 2.5.x versions prior to 2.5.13 Description An RCE attack is possible when using the Struts REST plugin with XStream handler to deserialise XML requests 1. Affected Cloud Foundry Products and...
BSA-2017-427
Security Advisory ID : BSA-2017-427 Component : Apache Struts 2 Revision : 2.0: Interim The REST Plugin in Apache Struts2 is usingaXStreamHandlerwith an instance ofXStreamfor deserialization without any type filtering which could lead to Remote Code Execution whendeserializingXML payloads. An...
Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For...