1986 matches found
CVE-2013-2135
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...
Apache Struts 2.2.3 - Multiple Open Redirections
Apache Struts 2.2.3 - Multiple Open Redirections source: https://www.securityfocus.com/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a...
Apache Struts 2.2.3 - Multiple Open Redirections
source: https://www.securityfocus.com/bid/61196/info Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. Wh...
[ANN] Struts 2.3.14.1 GA (fast track | security)
The Apache Struts group is pleased to announce that Struts 2.3.14.1 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed...
[ANN] Struts 2.3.14.3 GA (fast-track) release available
The Apache Struts group is pleased to announce that Struts 2.3.14.3 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed...
CVE-2013-1965
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
CVE-2013-2115
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...
CVE-2013-1966
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...
CVE-2013-1965
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
Design/Logic Flaw
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
Code injection
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...
Code injection
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...
CVE-2013-1966
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...
CVE-2013-1965
CVE-2013-1965 affects Apache Struts 2, specifically the Struts Showcase App 2.0.0 through 2.3.13 (Struts 2 before 2.3.14.3). The vulnerability allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is mishandled during a redirect, enabling remote code execution o...
CVE-2013-1965
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
CVE-2013-2115
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...
CVE-2013-2115
CVE-2013-2115 is an Apache Struts 2 remote code execution vulnerability. It allows an attacker to run OGNL code by sending a crafted request that is mishandled when includeParams is used in either the URL or an A tag, stemming from an incomplete fix for CVE-2013-1966. Connected IBM advisories ind...
Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution
The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...
Apache Struts OGNL表达式注入漏洞(CVE-2013-2134)
BUGTRAQ ID: 60346 CVECAN ID: CVE-2013-2134 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物。 Apache Struts 2.0.0-2.3.14.3存在远程OGNL表达式注入漏洞,远程攻击者可利用此漏洞操作服务器端对象并在受影响应用上下文中执行任意命令。此漏洞源于通配符匹配错误。 0 Apache Group Struts 2.x 厂商补丁: Apache Group ------------ Apache...
struts 2.3.14.2 命令执行漏洞
Apache Struts框架是一个基于Java Servlets,JavaBeans和JavaServer PagesJSP的Web应用框架的开源项目,Struts基于Model-View-ControllerMVC的设计模式,可以用来构件复杂的Web应用.Apache Struts 2.3.14.3(不含)以前版本中, 利用Action名字的模糊匹配特性可以触发命令执行攻击。 Struts 2.3.14.3...