1986 matches found

OpenVAS
added 2017/08/31 12:0 a.m., 19 views

Apache Struts 'top' Object Access Security Bypass Vulnerability (S2-026) - Linux

Apache Struts is prone to a security bypass vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier...

CVSS 7.5 | AI score 7.6 | EPSS 0.09063
Exploits: 0 | References: 3

OpenVAS
added 2017/08/31 12:0 a.m., 25 views

Apache Struts Security Update (S2-026)

Apache Struts is prone to a security bypass vulnerability. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

CVSS 7.5 | AI score 7.5 | EPSS 0.09063
Exploits: 0 | References: 4

Prion
added 2017/08/29 3:29 p.m., 17 views

Design/Logic Flaw

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object...

CVSS 5 | AI score 6.9 | EPSS 0.09063
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2017/08/29 3:29 p.m., 20 views

CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object...

CVSS 7.5 | AI score 7.2 | EPSS 0.09063
Exploits: 0 | References: 3

NVD
added 2017/08/29 3:29 p.m., 19 views

CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object...

CVSS 7.5 | AI score 7.4 | EPSS 0.09063
Exploits: 0 | References: 4

Cvelist
added 2017/08/29 3:0 p.m., 19 views

CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object...

AI score 7.4 | EPSS 0.09063
Exploits: 0 | References: 4

CVE
added 2017/08/29 3:0 p.m., 82 views

CVE-2015-5209

CVE-2015-5209 affects Apache Struts 2.x and allows a remote attacker to gain unauthorized access by manipulating a special top-level object in Struts' ValueStack, enabling manipulation of internal settings and user sessions. Public advisories and IBM notices enumerate affected IBM products (IBM S...

CVSS 7.5 | AI score 7.3 | EPSS 0.09063
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2017/08/11 1:48 p.m., 43 views

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...

CVSS 7.5 | AI score 3.9 | EPSS 0.11194
Exploits: 0 | References: 1

RedhatCVE
added 2017/08/11 1:48 p.m., 39 views

CVE-2017-7672

If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...

CVSS 5.9 | AI score 3.2 | EPSS 0.09362
Exploits: 0 | References: 1

Tenable Nessus
added 2017/07/20 12:0 a.m., 108 views

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)

The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...

CVSS 9.8 | AI score 7.7 | EPSS 0.55724
Exploits: 3 | References: 15

Tenable Nessus
added 2017/07/19 12:0 a.m., 1353 views

Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities : - A flaw exists in Jython due to executable classes being created with insecure permissions. A local attacker can exploit this to bypass intended access restrictions and thereby disclose...

CVSS 10 | AI score 8.3 | EPSS 0.99999
Exploits: 44 | References: 9

OpenVAS
added 2017/07/18 12:0 a.m., 35 views

Apache Struts URLValidator DoS Vulnerability (S2-047) - Linux

Apache Struts is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5.9 | AI score 6.5 | EPSS 0.09362
Exploits: 0 | References: 1

OpenVAS
added 2017/07/18 12:0 a.m., 31 views

Apache Struts Spring AOP DoS Vulnerability (S2-049) - Linux

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced...

CVSS 7.5 | AI score 7.5 | EPSS 0.11194
Exploits: 0 | References: 1

OpenVAS
added 2017/07/18 12:0 a.m., 27 views

Apache Struts Security Update (S2-049)

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...

CVSS 7.5 | AI score 7.5 | EPSS 0.11194
Exploits: 0 | References: 2

Metasploit
added 2017/07/15 8:55 p.m., 42 views

Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 | AI score 8.2 | EPSS 0.98931
Exploits: 19

Packet Storm
added 2017/07/14 12:0 a.m., 103 views

Apache Struts 2.3.x Showcase Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- Just a demo for CVE-2017-9791 import requests def exploiturl, cmd: print"+ command: %s" % cmd payload = "%" payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?memberAccess=dm:" payload +=...

AI score 0.5 | EPSS 0.98931
Exploits: 19

CNVD
added 2017/07/14 12:0 a.m., 2 views

Apache Struts Denial of Service Vulnerability (CNVD-2017-23348)

Apache Struts is an open source project maintained by the Apache Software Foundation in the United States. It is an open source MVC framework for creating enterprise-class Java web applications and is mainly provided in two versions, Struts 1 and Struts 2...

CVSS 5.9 | AI score 6 | EPSS 0.09362
Exploits: 0 | References: 1

0day.today
added 2017/07/14 12:0 a.m., 154 views

Apache Struts 2.3.x Showcase - Remote Code Execution (PoC) Exploit

Exploit for multiple platform in category web applications !/usr/bin/python -- coding: utf-8 -- Just a demo for CVE-2017-9791 import requests def exploiturl, cmd: print"+ command: %s" % cmd payload = "%" payload += "email protected@DEFAULTMEMBERACCESS." payload += "memberAccess?memberAccess=dm:"...

CVSS 7.5 | AI score 9.2 | EPSS 0.98931
Exploits: 19

Tenable Nessus
added 2017/07/14 12:0 a.m., 106 views

Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)

The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when handling a specially crafted URL in a form field when the built-in URL validator is used. An unauthenticated,...

CVSS 9.8 | AI score 7.7 | EPSS 0.34731
Exploits: 0 | References: 8

Imperva Blog
added 2017/07/13 7:12 p.m., 2640 views

CVE-2017-9791: Analysis of RCE in the Struts Showcase App in Struts 1 Plugin

On July 7th, a new security vulnerability was published in Apache Struts 2 (CVE-2017-9791, S2-048). Struts 2.3.x users with Struts 1 plugin, which includes the Showcase app, are vulnerable. Once again, this vulnerability enables a Remote Code Execution (RCE), which is the most commonly exploited Apac...

CVSS 10 | AI score 0.3 | EPSS 0.99999
Exploits: 63