1986 matches found

OSV
added 2015/08/15 12:0 a.m. | 28 views

DLA-292-1 libstruts1.2-java - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.7 | EPSS 0.21425
Exploits: 0

F5 Networks
added 2015/08/12 12:0 a.m. | 37 views

SOL17126 - Apache Struts vulnerability CVE-2014-7809

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

CVSS 6.8 | AI score 0.9 | EPSS 0.03486
Exploits: 0 | References: 5

UbuntuCve
added 2015/07/16 2:59 p.m. | 22 views

CVE-2015-1831

The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...

CVSS 7.5 | AI score 5.9 | EPSS 0.06312
Exploits: 0 | References: 2

Prion
added 2015/07/16 2:59 p.m. | 15 views

Default credentials

The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...

CVSS 7.5 | AI score 7 | EPSS 0.06312
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2015/07/16 2:59 p.m. | 16 views

CVE-2015-1831

The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...

CVSS 7.5 | AI score 6.5 | EPSS 0.06312
Exploits: 0 | References: 3

CVE
added 2015/07/16 2:0 p.m. | 80 views

CVE-2015-1831

CVE-2015-1831 concerns Apache Struts 2.3.20, where misleading default excludeParams could let an attacker alter an application’s internal state. IBM advisories list affected IBM storage platforms (FlashSystem 900/ V840/ V9000 and Storwize families) with fixes in specific code levels (e.g., FlashS...

CVSS 7.5 | AI score 6.5 | EPSS 0.06312
Exploits: 0 | References: 3 | Affected Software: 1

F5 Networks
added 2015/07/01 12:0 a.m. | 27 views

SOL16827 - Apache Struts vulnerability CVE-2015-1831

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

CVSS 7.5 | AI score 0.6 | EPSS 0.06312
Exploits: 0 | References: 5

Check Point Advisories
added 2015/05/18 12:0 a.m. | 6 views

Apache Struts Remote Command Execution - Ver2 (CVE-2013-2251)

A code execution vulnerability exists in Apache Struts Object-Graph Navigation Language OGNL expressions. The vulnerability is due to the failure of DefaultActionMapper to sanitize input following "action:", "redirect:" or "redirectAction:" expressions leading to code injection. A remote attacker...

CVSS 9.3 | AI score 3.1 | EPSS 0.99998
Exploits: 18

CNVD
added 2015/05/15 12:0 a.m. | 0 views

Apache Struts Security Restriction Bypass Vulnerability

Apache Struts is an open source architecture for building Java web applications. An input validation bypass vulnerability exists in the MultiPageValidator function in Apache Struts versions prior to 1.2.9 SP2. An attacker can exploit this vulnerability to bypass security restrictions and perform...

CVSS 7.5 | AI score 6.9 | EPSS 0.21425
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/15 12:0 a.m. | 29 views

Apache Struts 2.3.20 Incorrect Default Exclude Pattern (S2-024)

The remote web server is using Apache Struts version 2.3.20. It is, therefore, affected by an issue where the default exclude patterns are incorrect when using default settings. This allows a remote attacker to impact the internal application's state. Note that Nessus has not tested for this issu...

CVSS 7.5 | AI score 5.5 | EPSS 0.06312
Exploits: 0 | References: 2

Tenable Nessus
added 2015/05/14 12:0 a.m. | 66 views

Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)

The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...

CVSS 7.5 | AI score 7.4 | EPSS 0.97909
Exploits: 14 | References: 3

myhack58
added 2015/05/13 12:0 a.m. | 45 views

Apache Struts Exclude mode Vulnerability (CVE-2015-1831) - vulnerability warning - the black bar safety net

Affected system: The Apache Group Struts 2.3.20 Not affected system: The Apache Group Struts 2.3.20.1 Description: CVE(CAN) ID: CVE-2015-1831 Struts is open source software for building Web applications. Struts 2.3.20 uses the wrong default exclude mode. If the default setting is enabled, the err...

CVSS 7.5 | AI score 0.3 | EPSS 0.06312
Exploits: 0

Tenable Nessus
added 2015/05/08 12:0 a.m. | 59 views

MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities in the bundled version of Apache Struts : - Input validation errors exist that allow the execution of arbitrary Object-Graph Navigation Language OGNL...

CVSS 10 | AI score 7.2 | EPSS 0.99998
Exploits: 19 | References: 6

Tenable Nessus
added 2015/05/08 12:0 a.m. | 31 views

MySQL Enterprise Monitor 3.0.x < 3.0.19 Apache Struts Predictable Token XSRF

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...

CVSS 6.8 | AI score 6.8 | EPSS 0.03486
Exploits: 0 | References: 4

Tenable Nessus
added 2015/05/08 12:0 a.m. | 41 views

MySQL Enterprise Monitor 3.0.x < 3.0.5 Apache Struts DMI Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple unspecified vulnerabilities related to dynamic method invocation DMI in the bundled version of Apache Struts...

CVSS 10 | AI score 5.6 | EPSS 0.08623
Exploits: 1 | References: 3

Tenable Nessus
added 2015/05/08 12:0 a.m. | 42 views

MySQL Enterprise Monitor < 2.3.20 Apache Struts Predictable Token XSRF

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host may be affected by a cross-site request forgery vulnerability due to the token generator failing to adequately randomize the token values. A remote attacker can exploit this by extracting a token from ...

CVSS 6.8 | AI score 6.8 | EPSS 0.03486
Exploits: 0 | References: 4

Tenable Nessus
added 2015/05/08 12:0 a.m. | 57 views

MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

CVSS 7.5 | AI score 7.7 | EPSS 0.99614
Exploits: 15 | References: 8

Tenable Nessus
added 2015/05/08 12:0 a.m. | 53 views

MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

CVSS 7.5 | AI score 7.7 | EPSS 0.99614
Exploits: 15 | References: 8

BDU FSTEC
added 2015/05/07 12:0 a.m. | 4 views

The vulnerability of the Apache Struts software platform, related to the use of predictable values of <s:token/>, allows a remote attacker to perform a CSRF attack.

The vulnerability of the Apache Struts software platform is related to the use of predictable values for the <s:token/> tag. Exploiting this vulnerability could allow a remote attacker to execute a CSRF attack...

CVSS 7.3 | AI score 7 | EPSS 0.03486
Exploits: 0 | References: 11 | Affected Software: 5

Japan Vulnerability Notes
added 2015/04/10 12:0 a.m. | 35 views

JVN#91383083: Seasar S2Struts vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

CVSS 7.5 | AI score 7.5 | EPSS 0.21425
Exploits: 0