1986 matches found
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...
CVE-2014-0116
Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...
Apache Struts ClassLoader Manipulation
The remote web application appears to use Struts, a web application framework. The version of Struts in use contains a flaw that allows the manipulation of the ClassLoader via the 'class' parameter of an ActionForm object that results a denial of service. Note that this vulnerability may be...
Struts2 then exposed S2-0 2 0 patch bypass vulnerability – evil regular expressions-vulnerability warning-the black bar safety net
4 on 2 to 4 November, the network exposed in the article“Security researchers noted that the Apache Struts2 vulnerability Bulletin S2-0 2 0, in process repair CVE-2 0 1 4-0 0 9 4 bug fixes program vulnerability exists, resulting patch is completely bypassed.” Affected products: Struts 2.0.0 –...
Important: Red Hat Security Advisory: struts security update
Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Apache Struts multiple security vulnerabilities
Few ClassLoader manipulation vulnerabilities with potential RCE impact...
[ANN] Struts 2.3.16.3 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.16.3 is available as a "General Availability" release.The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...
Struts2 远程命令执行
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...
Apache Struts ClassLoader Manipulation Remote Code Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Mark Thomas', Vulnerabilit...
[ANN] Struts 2.3.16.2 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.16.2 is available as a "General Availability" release.The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...
Apache Struts ClassLoader Manipulation Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...
[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact
As confirmed in our last announcement, the Apache Struts 1 framework in all versions is affected by a ClassLoader manipulation vulnerability CVE-2014-0114 similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. Thanks to the efforts of Alvaro Munoz and the HP Fortify...
[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114
The Apache Struts project team confirms that Struts 1 in all versions is affected by a ClassLoader manipulation vulnerability similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. This is a different underlying flaw. For future reference, please use CVE-2014-0114 i...
Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Code injection
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
PT-2014-1716 · Apache +5 · Apache Struts +6
Name of the Vulnerable Software and Affected Versions: Apache Commons BeanUtils versions 1.8.0 through 1.9.2 Apache Struts versions 1.x through 1.3.10 Description: The issue allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter. This can be...