1986 matches found
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...
Apache Struts 2 Tag Attribute Double OGNL Evaluation RCE
The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists due to double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated,...
Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.28. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting vulnerability exists due to improper validation of user-supplied input when using a single byte page encoding. A remote attacker c...
Apache Struts 2 remote code execution vulnerability (CVE-2016-0785) - vulnerability warning - the black bar safety net
Apache Struts 2 is the world's most popular Java Web server framework. Unfortunately, however, a security researcher found a remote code execution vulnerability in Struts 2. According to the official announcement published by Apache, the vulnerability's risk level is high. The black bar safety...
Apache Struts2 Remote Code Execution Vulnerability
Apache Struts is an open source framework, maintained by the Apache Software Foundation in the United States, for creating enterprise-class Java Web applications. A security vulnerability exists in Apache Struts versions 2.0.0 through 2.3.24.1, which stems from the program performi...
Apache Struts I18NInterceptor Cross-Site Scripting Vulnerability
Apache Struts is an open source framework, maintained by the Apache Software Foundation in the United States, for creating enterprise-class Java Web applications. I18NInterceptor is one of its interceptors, used for internationalization. A cross-site scripting vulnerability exists i...
Apache Struts 2 Cross-Site Scripting Vulnerability (S2-030)
No description provided by source...
VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and...
Apache Struts Security Bypass Vulnerability (CNVD-2016-01256)
Apache Struts is an open source framework for creating enterprise Java Web applications. A security vulnerability exists in Apache Struts where specific top objects can be used to access Struts' internals, allowing an attacker to bypass security restrictions and perform unauthorized operations...
Apache Struts 2.x < 2.3.24.1 Multiple Vulnerabilities (S2-026) (S2-027)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.24.1. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and an open redirect vulnerability. Note that Nessus has not tested for these issues but has instead relied...
SOL17563 - Apache Struts vulnerability CVE-2015-2992
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17449 - Apache Struts 2 vulnerability CVE-2015-5169
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
Apache Struts Cross-Site Scripting Vulnerability (CNVD-2015-06370)
Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts debug mode suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain...
Apache Struts Cross-Site Scripting Vulnerability
Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts suffers from a cross-site scripting vulnerability when the JSP is directly accessible, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be...
MGASA-2015-0351 Updated struts packages fix CVE-2015-0899
Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...
JVN#95989300: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...
JVN#88408929: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Impact An arbitrary script may be executed on the user's Internet Explorer when the...
Debian DLA-292-1 : libstruts1.2-java security update
The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web...