1986 matches found
EUVD-2022-4209
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
Apache Group Struts 2.x跨站请求伪造和拒绝服务漏洞
Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts 2.3.4.1之前版本存在安全漏洞,可被恶意用户利用执行跨站请求伪造和拒绝服务攻击。 1)令牌处理机制没有正确验证令牌名称配置参数,通过操作令牌值参数为会话属性值,该漏洞可被利用执行跨站请求伪造攻击。 2)在处理请求参数时的错误可被利用消耗CPU资源,通过包含OGNL表达式的参数名称可造成拒绝服务。 0 Apache Group Struts 2.x 厂商补丁: Apache Group ------------ Apache...
VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
The remote ESXi is missing one or more security related Updates from VMSA-2012-0013. Summary VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities. Relevant releases VMware vCenter 4.1 without Update 3 VMware vCenter Update Manager 4.1...
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle Sun JRE is updated to version 1.6.031, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCente...
Apache Struts Security Update (S2-012) - Active Check
Apache Struts is prone to a java method execution vulnerability. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 struts2-showcase edit-person.action Persistent XSS
The remote web server hosts struts2-showcase, a demonstration application for the Struts 2 framework. Input passed via the 'name' and 'lastName' parameters to 'edit-person.action' is not properly sanitized, which can allow for arbitrary HTML and script code to be loaded onto the system and execut...
Apache Struts struts-cookbook processSimple.do message Parameter XSS
The remote web server hosts struts-cookbook, a demonstration application for the Struts framework. Input passed via the 'message' parameter to the 'processSimple.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking someone into clicking on a specially crafted...
Apache Struts struts-examples upload-submit.do 'theText' Parameter XSS
The remote web server hosts struts-examples, a demonstration application for the Struts framework. Input passed via the 'theText' POST parameter to the 'upload-submit.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking a user into clicking on a specially craft...
Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)
A code execution vulnerability has been reported in Apache Struts 2...
Apache Struts Remote Command Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Johannes Dahse', Vulnerability discovery and PoC 'Andreas...
Apache Struts 2.2.1.1 Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Apache Struts 2.2.1.1 Remote Command Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Apache Struts 2.2.1.1 Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...
Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...
Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)
A command execution vulnerability has been reported in Apache Struts 2...