1986 matches found
GHSA-43MQ-6XMG-29VM Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from...
CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
CVE-2024-53677
CVE-2024-53677 affects Apache Struts 2 (from 2.0.0 up to, but not including, 6.4.0). The root cause is flawed file upload logic that can be manipulated to enable path traversal, potentially allowing a malicious file upload and, under certain conditions, remote code execution (RCE). Public PoCs an...
CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
Apache Struts security vulnerability
Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2. Apache Struts has a file upload...
PT-2024-9392
Vulnerability Summary. Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, and 6.0.0 through 6.3.0.2. Description: A critical flaw exists in the file upload logic of Apache Struts. An attacker can manipulate file upload parameter...
Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service
Summary: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service. Vulnerability Details: CVEID: CVE-2023-41835. DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...
The vulnerability of the struts2-core library in the Apache Struts software platform allows attackers to induce a service failure.
The vulnerability of the struts2-core library of the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using specially crafted XML files...
The vulnerability of the struts2-core library in the Apache Struts software platform allows attackers to induce a service failure.
The vulnerability of the struts2-core library of the Apache Struts software platform is related to errors during permission storage. Exploiting this vulnerability can allow an attacker to cause service failures using specially crafted files...
The vulnerability of the struts2-core library of the Apache Struts software platform allows attackers to execute arbitrary code.
The vulnerability of the struts2-core library of the Apache Struts software platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted XSLT file...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 PoC. This repository is a proof of concept (PoC)...
Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)
The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by a vulnerability as referenced in the S2-008 advisory. - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute...
Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data
Summary: There are multiple CVEs fixed for this Security Bulletin. For the FasterXML jackson-databind CVEs, jackson-databind could allow a remote attacker to execute arbitrary code on the system. For CVE-2017-7525, Apache Struts could also allow a remote attacker to execute arbitrary code on the...
Log4Shell HTTP Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...
PT-2024-10607 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts (affected versions not specified). Description: The issue concerns a Server-Side Request Forgery (SSRF) in Apache Struts. No information is provided about the estimated number of potentially affected devices worldwide or real-world...
PT-2024-10753 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2019-6162 - CVE-2020-35518: Apache Struts Command Injection Vulnerability", "Content": "CVE ID : CVE-2019-6162 Published : July 29, 2024, 9:15 p.m. | 29 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...