1986 matches found
CVE-2016-4430
CVE-2016-4430 affects Apache Struts 2.3.20–2.3.28.1, where token validation is mishandled, enabling remote CSRF attacks via unspecified vectors. Public sources in connected docs (IBM security advisories and the NVD entry) corroborate the CSRF impact and tie it to the same Struts versions. The vul...
CVE-2016-1181
CVE-2016-1181 affects Apache Struts 1.x (1.1–1.3.10) where ActionServlet.java mishandles multithreaded access to an ActionForm, allowing a remote attacker to execute arbitrary code or cause a denial of service via a multipart request (related to CVE-2015-0899). The NVD description explicitly ties...
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method...
CVE-2016-4438
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...
JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). Impact Processing a specially crafted request may result in the server's CPU resources being exhausted. Solution Apply the update...
F5 Networks BIG-IP : Apache Struts 2 vulnerability (K23432135)
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a website) via unspecified vectors. CVE-2016-3093 (C) Tenable Network Security, Inc. The descriptive text and...
SOL23432135 - Apache Struts 2 vulnerability CVE-2016-3093
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
CVE-2016-4433
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request...
SOL93174402 - Apache Struts 2 vulnerability CVE-2016-3090
Vulnerability Recommended Actions None Supplemental Information Apache S2-027 Note: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a...
SOL15168792 - Apache Struts 2 vulnerability CVE-2016-4438
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Apache Struts 2 REST Plugin OGNL Expression Handling RCE
The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attack...
Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)
The version of Apache Struts running on the remote Windows host is 2.x prior to 2.3.29. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists due to erroneously performing double OGNL evaluation of attribute values assigned to certain tags. A...
Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)
A code execution vulnerability exists in Apache Struts. The vulnerability is due to the way the OGNL expressions are processed when DMI is enabled and the REST plugin is used. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitatio...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
Apache Struts vulnerable to input validation bypass
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain an input validation bypass vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...
Apache Struts vulnerable to cross-site request forgery
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a cross-site request forgery vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...
Apache Struts vulnerable to denial-of-service (DoS)
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service (DoS) vulnerability due to an issue in URLValidator. ASAI Ken reported this...
Apache Struts vulnerable to remote code execution
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is...
JVN#07710476: Apache Struts 2 vulnerable to remote code execution
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is publicly...
JVN#12352818: Apache Struts 2 vulnerable to denial-of-service (DoS)
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service (DoS) vulnerability due to an issue in URLValidator. Impact An unauthenticated remote...