Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux

Apache-Struts2 RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Apache-Struts IncludeParams < 2.3.14.2 RCE Linux

Apache-Struts2 / OpenSymphony-Xwork RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Apache-Struts Showcase < 2.3.14.1 RCE Linux

Apache Struts Crafted Parameter Arbitrary OGNL Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Apache Struts XWork Error Page Multiple Cross-Site Scripting (CVE-2011-1772)

A Cross-Site Scripting vulnerability has been reported in Apache Struts. The vulnerabilities are due to unsanitized parameters in various automatically generated error pages. A remote attacker can exploit these vulnerabilities by enticing a victim to follow a specially crafted link. Successful...

[ANN] Struts 2.3.15.2 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release.The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

CVE-2013-4310

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...

CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

CVE-2013-4310

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...

Design/Logic Flaw

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...

Default configuration

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

EUVD-2022-4896

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...

CVE-2013-4310

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...

CVE-2013-4316

CVE-2013-4316 affects Apache Struts 2.0.0–2.3.15.1, where Dynamic Method Invocation is enabled by default, enabling remote code execution with OGNL-parameter crafted requests. The IBM and related advisories confirm this vulnerability and reference the same CVE, describing the impact as remote cod...

Apache Struts 2 'action:' Parameter Prefix Security Constraint Bypass

The remote web application appears to use Struts 2, a web framework used for creating Java web applications. The version of Struts 2 in use is affected by a security constraint bypass vulnerability due to a flaw in the action mapping mechanism. Under certain unspecified conditions, an attacker...

Apache Struts 远程代码执行漏洞(CVE-2013-4316)

BUGTRAQ ID: 62587 CVECAN ID: CVE-2013-4316 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。 Apache Struts 2.3.15.2之前版本的“Dynamic Method Invocation”机制是默认开启的，仅提醒用户如果可能的情况下关闭此机制，这样就存在远程代码执行漏洞，远程攻击者可利用此漏洞在受影响应用上下文中执行任意代码。 0 Apache Group Struts 2.3.15.2 厂商补丁： Apache Group ------------ Apache...

Apache Struts 安全措施绕过漏洞

BUGTRAQ ID: 62584 CVECAN ID: CVE-2013-4310 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。 Apache Struts 2.0.0-2.3.15.1的操作映射机制支持特殊参数前缀操作，这样有可能会在表格底部附加引导信息，在映射 "action:" 前缀操作时存在安全绕过漏洞，可被利用绕过某些安全限制，访问受限制功能。 0 Apache Group Struts 2.3.15.2 厂商补丁： Apache Group ------------ Apache...

Struts2 Prefixed Parameters Open Redirect Vulnerability

CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-017...

Struts2 Prefixed Parameters OGNL Injection Vulnerability

CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-016...

Apache Struts vulnerable to remote command execution

Overview Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the...