SOL16334 - Apache Struts vulnerability CVE-2013-4316

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)

This plugin has been deprecated and replaced by struts23161.nasl plugin ID 117393. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 9/12/2018. Use struts23161.nasl instead include'compat.inc'; if description scriptid81105; scriptversion"1.8";...

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...

OGNL Double Evaluation Vulnerability

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface. All versions of Bamboo up t...

[ANN] Apache Struts 2.3.20 GA release available with security fix

The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

Cross site request forgery (csrf)

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...

CVE-2014-7809

CVE-2014-7809 affects Apache Struts 2.0.0–2.3.x with predictable values, enabling remote CSRF bypass. Connected IBM advisories confirm impact on IBM FlashSystem 840/V840-AC0/AC1 nodes and IBM SAN Storwize, IBM Sterling Order Management, Call Center, and related products where Struts is used as p...

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the...

IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to...

RHEL 6 : struts (RHSA-2014:0500)

Updated struts packages that fix one security issue are now available for Red Hat Network Satellite 5.4 and 5.5, and Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

Oracle Adaptive Access Manager Server Arbitrary Code Execution (October 2014 CPU)

The remote Oracle Adaptive Access Manager installation is missing a vendor supplied update that fixes a flaw in Apache Struts which allows remote attackers to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

VMware Security Updates for vCenter Server (VMSA-2014-0008)

The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - The bundled version of Apache Struts contains a code execution flaw. Note...

VMSA-2014-0008 : VMware vSphere product updates to third-party libraries

a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue. b...

VMware Security Updates for vCenter Server (VMSA-2014-0008)

VMware has updated vSphere third party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:vcenterserver";...

VMware ESXi product updates to third party libraries (VMSA-2014-0008)

VMware has updated vSphere third party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...