Apache-Struts < 2.2.0 RCE Windows
Apache-Struts2 / OpenSymphony-Xwork RCE. Vulnerability Type: Remote Command Execution. For the exploit source code contact DSquare Security sales team...
Apache Struts 2 Multiple Remote Code Execution and File Overwrite Vulnerabilities (safe check) (deprecated)
This plugin has been deprecated due to relying on a timing-based check that is prone to false positives. A local plugin will be added that covers this CVE. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/11/18 due to timing-based false positives. Local plugin added to replace CVE...
Apache Struts remote command execution and arbitrary file overwrite vulnerabilities-vulnerability warning-the black bar safety net
Release Date: 2012-01-08. Affected software and systems: Apache Struts 2.3.1 and following versions. Vulnerability description: Apache Struts is an open source Web application framework for developing Java Web applications. Apache Struts in the realization of the presence of the...
CVE-2011-5057
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...
Design/Logic Flaw
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...
CVE-2011-5057
CVE-2011-5057 affects Apache Struts 2.3.1.2 and earlier (2.3.19–2.3.23). The issue arises from interfaces such as SessionAware/RequestAware not properly restricting access to session/request collections, enabling a remote attacker to modify runtime data via crafted parameters. Vendor notes (and s...
CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...
CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself...
Security feature bypass
DISPUTED The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...
Security feature bypass
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
Code injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...
Design/Logic Flaw
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...