Lucene search
K

1986 matches found

EUVD
EUVD
added 2012/09/05 11:0 p.m.5 views

EUVD-2022-4209

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

5CVSS9AI score0.08353EPSS
Exploits0References12
Cvelist
Cvelist
added 2012/09/05 11:0 p.m.34 views

CVE-2012-4387

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

9.1AI score0.08353EPSS
Exploits0References7
seebug.org
seebug.org
added 2012/09/04 12:0 a.m.24 views

Apache Group Struts 2.x跨站请求伪造和拒绝服务漏洞

Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts 2.3.4.1之前版本存在安全漏洞,可被恶意用户利用执行跨站请求伪造和拒绝服务攻击。 1)令牌处理机制没有正确验证令牌名称配置参数,通过操作令牌值参数为会话属性值,该漏洞可被利用执行跨站请求伪造攻击。 2)在处理请求参数时的错误可被利用消耗CPU资源,通过包含OGNL表达式的参数名称可造成拒绝服务。 0 Apache Group Struts 2.x 厂商补丁: Apache Group ------------ Apache...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2012/08/31 12:0 a.m.73 views

VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.

The remote ESXi is missing one or more security related Updates from VMSA-2012-0013. Summary VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities. Relevant releases VMware vCenter 4.1 without Update 3 VMware vCenter Update Manager 4.1...

10CVSS0.3AI score0.98113EPSS
Exploits50References1
Tenable Nessus
Tenable Nessus
added 2012/08/31 12:0 a.m.101 views

VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries

a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle Sun JRE is updated to version 1.6.031, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCente...

9.8CVSS8.1AI score0.96787EPSS
Exploits58References42
OpenVAS
OpenVAS
added 2012/08/31 12:0 a.m.43 views

Apache Struts Security Update (S2-012) - Active Check

Apache Struts is prone to a java method execution vulnerability. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

9.3CVSS8.4AI score0.93813EPSS
Exploits1References8
Saint
Saint
added 2012/08/02 12:0 a.m.55 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.3CVSS8.8AI score0.75071EPSS
Exploits11
Saint
Saint
added 2012/08/02 12:0 a.m.50 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.8CVSS8.8AI score0.75071EPSS
Exploits11
Saint
Saint
added 2012/08/02 12:0 a.m.49 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.3CVSS8.8AI score0.75071EPSS
Exploits11
Saint
Saint
added 2012/08/02 12:0 a.m.41 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

9.8CVSS8.8AI score0.75071EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2012/07/23 12:0 a.m.52 views

Apache Struts 2 struts2-showcase edit-person.action Persistent XSS

The remote web server hosts struts2-showcase, a demonstration application for the Struts 2 framework. Input passed via the 'name' and 'lastName' parameters to 'edit-person.action' is not properly sanitized, which can allow for arbitrary HTML and script code to be loaded onto the system and execut...

4.3CVSS8.7AI score0.58476EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/07/23 12:0 a.m.144 views

Apache Struts struts-cookbook processSimple.do message Parameter XSS

The remote web server hosts struts-cookbook, a demonstration application for the Struts framework. Input passed via the 'message' parameter to the 'processSimple.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking someone into clicking on a specially crafted...

4.3CVSS7.8AI score0.337EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/07/23 12:0 a.m.54 views

Apache Struts struts-examples upload-submit.do 'theText' Parameter XSS

The remote web server hosts struts-examples, a demonstration application for the Struts framework. Input passed via the 'theText' POST parameter to the 'upload-submit.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking a user into clicking on a specially craft...

4.3CVSS7.8AI score0.337EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2012/06/25 12:0 a.m.6 views

Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)

A code execution vulnerability has been reported in Apache Struts 2...

9.3AI score0.96787EPSS
Exploits1
Metasploit
Metasploit
added 2012/06/09 7:53 p.m.63 views

Apache Struts Remote Command Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Johannes Dahse', Vulnerability discovery and PoC 'Andreas...

9.8CVSS7.8AI score0.75071EPSS
Exploits11
seebug.org
seebug.org
added 2012/06/05 12:0 a.m.33 views

Apache Struts 2.2.1.1 Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score0.75071EPSS
Exploits11
0day.today
0day.today
added 2012/06/05 12:0 a.m.43 views

Apache Struts 2.2.1.1 Remote Command Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

7.1AI score0.75071EPSS
Exploits11
Packet Storm
Packet Storm
added 2012/06/05 12:0 a.m.57 views

Apache Struts 2.2.1.1 Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...

9.3CVSS0.3AI score0.75071EPSS
Exploits11
Exploit DB
Exploit DB
added 2012/06/05 12:0 a.m.54 views

Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...

9.8CVSS7AI score0.75071EPSS
Exploits11
Check Point Advisories
Check Point Advisories
added 2012/05/14 12:0 a.m.65 views

Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)

A command execution vulnerability has been reported in Apache Struts 2...

9.1AI score0.88829EPSS
Exploits16
Rows per page
Query Builder