Lucene search

1986 matches found

Exploit DB
added 2011/08/19 12:0 a.m., 60 views

Apache Struts < 2.2.0 - Remote Command Execution (Metasploit)

$Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 5, AI score 6.6, EPSS 0.92533
Exploits 22

OpenVAS
added 2011/05/23 12:0 a.m., 28 views

Apache Struts Security Update (S2-006) - Active Check

Apache Struts is prone to multiple vulnerabilities. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5, AI score 6.5, EPSS 0.59227
Exploits 3, References 3

OpenVAS
added 2011/05/23 12:0 a.m., 19 views

Apache Struts2 'XWork' Information Disclosure Vulnerability

This host is running Apache Struts and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsxworkinfodiscvuln.nasl 5497 2017-03-06 10:23:23Z teissa $ Apache Struts2 'XWork' Information Disclosure Vulnerability Authors: Antu Sanadi Copyright: Copyright c...

CVSS 5, AI score 6.1, EPSS 0.00825
Exploits 2, References 2

securityvulns
added 2011/05/21 12:0 a.m., 55 views

Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure

Security Advisory: MVSA-11-007 http://www.ventuneac.net/security-advisories/MVSA-11-007 CVE: CVE-2011-2088 Vendors: Apache Software Foundation, OpenSymphony Products: Struts 2, XWork , WebWork Vulnerabilities: Java Class Path Information Disclosure Risk: Medium Attack Vector: From Remote...

CVSS 5, AI score 0.1, EPSS 0.00825
Exploits 2

NVD
added 2011/05/13 5:5 p.m., 25 views

CVE-2011-2088

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

CVSS 5, AI score 9.1, EPSS 0.00825
Exploits 2, References 5

NVD
added 2011/05/13 5:5 p.m., 15 views

CVE-2011-2087

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...

CVSS 4.3, AI score 5.8, EPSS 0.01391
Exploits 1, References 4

NVD
added 2011/05/13 5:5 p.m., 33 views

CVE-2011-1772

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...

CVSS 2.6, AI score 8.3, EPSS 0.59227
Exploits 3, References 10

Prion
added 2011/05/13 5:5 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...

CVSS 4.3, AI score 6.1, EPSS 0.01391
Exploits 1, References 4, Affected Software 1

Prion
added 2011/05/13 5:5 p.m., 26 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...

CVSS 2.6, AI score 5.8, EPSS 0.59227
Exploits 3, References 10, Affected Software 1

Prion
added 2011/05/13 5:5 p.m., 22 views

Security feature bypass

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

CVSS 5, AI score 6.2, EPSS 0.59227
Exploits 3, References 5, Affected Software 2

Cvelist
added 2011/05/13 5:0 p.m., 24 views

CVE-2011-2087

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...

AI score 5.7, EPSS 0.01391
Exploits 1, References 4

Cvelist
added 2011/05/13 5:0 p.m., 26 views

CVE-2011-2088

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

AI score 9, EPSS 0.00825
Exploits 2, References 5

CVE
added 2011/05/13 5:0 p.m., 65 views

CVE-2011-2088

CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...

CVSS 5, AI score 5.9, EPSS 0.00825
Exploits 2, References 5, Affected Software 2

seebug.org
added 2011/05/12 12:0 a.m., 43 views

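Apache Struts XWork 's:submit' HTML Tag Cross-Site Scripting Vulnerability

Bugtraq ID: 47784 CVE ID: CVE-2011-1772 Apache Struts is an open-source framework for building Java web applications. When an action or method name passed through the "s:submit" tag using BASH syntax is not defined, XWork does not properly filter it before using it to generate the error page. An attacker can exploit the vulnerability to execute arbitrary HTML and script code in the target user's browser. Successful exploitation requires Dynamic Method Invocation to be enabled (it is enabled by default). Apache Software Foundation Struts 2.2.1 1 Apache Software Foundation...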

CVSS 2.6, AI score 9, EPSS 0.59227
Exploits 3

securityvulns
added 2011/05/11 12:0 a.m., 91 views

Apache Struts 2 Multiple Reflected XSS in XWork error pages

Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...

CVSS 2.6, AI score 0.1, EPSS 0.59227
Exploits 3

exploitpack
added 2011/05/10 12:0 a.m., 21 views

Apache Struts 2.0.0 2.2.1.1 - XWork s:submit HTML Tag Cross-Site Scripting

Apache Struts 2.0.0 2.2.1.1 - XWork s:submit HTML Tag Cross-Site Scripting source: https://www.securityfocus.com/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Successful exploitation requires 'Dynamic...

AI score 6.7
Exploits 0

Exploit DB
added 2011/05/10 12:0 a.m., 32 views

Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting

source: https://www.securityfocus.com/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Successful exploitation requires 'Dynamic Method Invocation' to be enabled by default. An attacker may leverage this...

AI score 7.4
Exploits 0

seebug.org
added 2011/05/10 12:0 a.m., 43 views

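VMware vCenter Orchestrator and Alive Enterprise Remote Code Execution Vulnerability

CVE ID: CVE-2010-1870 VMware vCenter Orchestrator is an application for automating management tasks. Alive Enterprise is an application for monitoring processes. VMware vCenter Orchestrator and Alive Enterprise contain a remote code execution vulnerability in their implementation: both products embed the third-party component Apache Struts, and a remote code execution vulnerability in this component allows a malicious user to bypass the ''-usage protection in ParametersInterceptor and take control of the server-side context object. VMWare VMware vCenter Orchestrator 4.1 VMWare...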

CVSS 5, AI score 9.4, EPSS 0.92533
Exploits 22

VMware
added 2011/03/14 12:0 a.m., 54 views

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

a. Vulnerability in third party Apache Struts component. VMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts which is a third party component. The following vulnerability has been...

CVSS 5, AI score 4, EPSS 0.92533
Exploits 22, References 1, Affected Software 2

VMware
added 2011/03/12 12:0 a.m., 51 views

VMSA-2011-0005:VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

VMSA-2011-0005.3 VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0005.3 VMware Security Advisory Synopsis: VMware vCenter Orchestrator and Alive Enterprise remote code execution...

CVSS 5, AI score 10, EPSS 0.92533
Exploits 22, References 2, Affected Software 2