
1986 matches found

Vulnrichment
added 2012/01/08 3:0 p.m. · 14 views

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

AI score: 9.6 · EPSS: 0.75071
Exploits: 11 · References: 7
CVE
added 2012/01/08 3:0 p.m. · 1137 views

CVE-2012-0391

CVE-2012-0391 affects Apache Struts 2 before 2.2.3.1, where the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types, enabling remote code execution via a crafted parameter. Multiple sources (CVE entry, CISA KEV, GHSA advis...

CVSS: 9.8 · AI score: 8.5 · EPSS: 0.75071
In wild · Exploits: 11 · References: 8 · Affected Software: 1
CVE
added 2012/01/08 3:0 p.m. · 74 views

CVE-2012-0393

CVE-2012-0393 concerns Apache Struts 2.x. The vulnerability lies in the ParameterInterceptor component not preventing access to public constructors, allowing a remote attacker to cause the creation of Java objects and thus “trigger” the creation or overwrite of arbitrary files via a crafted param...

CVSS: 6.4 · AI score: 8.8 · EPSS: 0.38261
Exploits: 1 · References: 6 · Affected Software: 1
Cvelist
added 2012/01/08 3:0 p.m. · 40 views

CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself...

AI score: 9.4 · EPSS: 0.74405
Exploits: 9 · References: 7
Cvelist
added 2012/01/08 3:0 p.m. · 38 views

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

AI score: 9.5 · EPSS: 0.75071
Exploits: 11 · References: 7
Cvelist
added 2012/01/08 3:0 p.m. · 22 views

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

AI score: 9.7 · EPSS: 0.96787
Exploits: 1 · References: 7
Cvelist
added 2012/01/08 3:0 p.m. · 23 views

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

AI score: 9 · EPSS: 0.38261
Exploits: 1 · References: 6
ATTACKERKB
added 2012/01/08 12:0 a.m. · 42 views

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. Recent assessments:...

CVSS: 9.8 · AI score: 5.4 · EPSS: 0.75071
In wild · Exploits: 11 · References: 9
Positive Technologies
added 2012/01/08 12:0 a.m. · 4 views

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

CVSS: 6.8 · AI score: 9.5 · EPSS: 0.74405
Exploits: 9 · References: 18
seebug.org
added 2012/01/05 12:0 a.m. · 22 views

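Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities

Bugtraq ID: 51257 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains security vulnerabilities that allow attackers to execute arbitrary commands or overwrite arbitrary files. - Apache Struts contains an input filtering error that can be exploited to inject and execute arbitrary Java code when a conversion error occurs. - When processing cookie names, the CookieInterceptor class does not properly restrict access to certain static modes, which can be exploited to execute arbitrary commands. - Certain unspecified input is not properly filtered by ParameterInterceptor before being used to create files, which can be exploited to create or overwrite arbitrary files via directory traversal attacks. 0 Apache Stru...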

AI score: 6.9
Exploits: 0
Japan Vulnerability Notes
added 2011/12/22 9:8 a.m. · 4 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts may create web applications that contain a cross-site scripting vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting...

CVSS: 4.3 · AI score: 6.1 · EPSS: 0.34111
Exploits: 3 · References: 6
Japan Vulnerability Notes
added 2011/12/22 12:0 a.m. · 62 views

JVN#25435092: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update t...

CVSS: 2.6 · AI score: 8.9 · EPSS: 0.34111
Exploits: 3
myhack58
added 2011/12/19 12:0 a.m. · 11 views

Apache Struts session tampering security restrictions bypass vulnerability

Release date: 2011-01-01 Update date: 2011-12-16 Affected system: The Apache Group Struts 2.1.8.1 The Apache Group Struts 2.0.9 Description: BUGTRAQ ID: 50940 Apache Struts is a development of Java web...

AI score: 0.5
Exploits: 0
seebug.org
added 2011/12/16 12:0 a.m. · 15 views

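Apache Struts Session Tampering Security Restriction Bypass Vulnerability

BUGTRAQ ID: 50940 Apache Struts is an open-source web application framework for developing Java web applications. Apache Struts has a security restriction bypass vulnerability in its implementation; a successful attack allows an attacker to bypass security restrictions and gain unauthorized access. Apache Struts 2.1.8.1 Apache Struts 2.0.9 Vendor patch: Apache Group ------------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://httpd.apache.org/...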

AI score: 6.9
Exploits: 0
seebug.org
added 2011/12/09 12:0 a.m. · 16 views

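Apache Struts Session Tampering Security Bypass Vulnerability

Bugtraq ID: 50940 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains a security vulnerability that allows malicious users to bypass certain security restrictions. The org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interface does not properly block access to the session map, which can be exploited to change the session map by sending specially crafted requests to applications that use the combined auto-binding interfaces. Apache Software Foundation Struts 2.1.8.1 Apache Software...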

AI score: 6.9
Exploits: 0
Exploit DB
added 2011/12/07 12:0 a.m. · 32 views

Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass

source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized access. Apache Struts versions 2.0.9 and 2.1.8.1 are...

AI score: 7
Exploits: 0
exploitpack
added 2011/12/07 12:0 a.m. · 10 views

Apache Struts 2.0.9/2.1.8 - Session Tampering Security Bypass

source: https://www.securityfocus.com/bid/50940/info Apache Struts is prone to a security-bypass vulnerability that allows session tampering. Successful attacks will allow attackers to bypass security restrictions and gain unauthorized...

AI score: 0.4
Exploits: 0
seebug.org
added 2011/08/20 12:0 a.m. · 28 views

Apache Struts < 2.2.0 Remote Command Execution

No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

AI score: 7.1 · EPSS: 0.91079
Exploits: 22
0day.today
added 2011/08/19 12:0 a.m. · 54 views

Apache Struts < 2.2.0 Remote Command Execution

Exploit for multiple platform in category remote exploits $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information ...

AI score: 7.1 · EPSS: 0.91079
Exploits: 22
Packet Storm
added 2011/08/19 12:0 a.m. · 61 views

Apache Struts < 2.2.0 Remote Command Execution

$Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS: 5 · AI score: 0.3 · EPSS: 0.91079
Exploits: 22