
1986 matches found

GithubExploit
added 2024/07/10 3:35 a.m., 61 views

Mirage

It is an offensive tool for web exploitation. The tool targets t...

AI score 8.8
Exploits: 0
IBM Security Bulletins
added 2024/05/03 11:2 a.m., 49 views

Security Bulletin: Due to use of Apache Struts, Netcool Operation Insight is vulnerable to arbitrary code execution.

Summary Apache Struts is used by Netcool Operations Insight as part of internal services CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary...

CVSS 9.8, AI score 9.8, EPSS 0.93657
Exploits: 15, Affected Software: 1
IBM Security Bulletins
added 2024/05/01 9:28 a.m., 37 views

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected CVE-2023-50164. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remo...

CVSS 9.8, AI score 9.8, EPSS 0.93657
Exploits: 15, Affected Software: 13
Atlassian
added 2024/04/25 5:10 p.m., 33 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 7.2, EPSS 0.00123
Exploits: 0
IBM Security Bulletins
added 2024/04/18 12:30 p.m., 57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

CVSS 9.8, AI score 9.4, EPSS 0.93657
Exploits: 15, Affected Software: 1
VulnCheck KEV
added 2024/04/15 12:0 a.m., 0 views

VulnCheck KEV: CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

CVSS 9.8, AI score 7.4, EPSS 0.94228
Exploits: 6, References: 1
IBM Security Bulletins
added 2024/04/12 5:44 p.m., 51 views

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...

CVSS 10, AI score 10, EPSS 0.94373
Exploits: 94, Affected Software: 1
IBM Security Bulletins
added 2024/04/12 5:35 p.m., 56 views

Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.

Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2012-0838, CVE-2011-1772, CVE-2008-6504, CVE-2010-1870, CVE-2012-0394, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...

CVSS 10, AI score 9.8, EPSS 0.93572
Exploits: 34, Affected Software: 1
F5 Networks
added 2024/03/26 6:29 p.m., 28 views

K000139043: Apache Struts vulnerabilities CVE-2016-4430, CVE-2016-4431, and CVE-2016-4433

Security Advisory Description CVE-2016-4430 Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. CVE-2016-4431 Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers ...

CVSS 8.8, AI score 7.6, EPSS 0.08174
Exploits: 0
Tenable Nessus
added 2024/02/28 12:0 a.m., 23 views

Atlassian Confluence 1.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94106)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94106 advisory. - This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 1.0.1 of Confluence Data Center and...

CVSS 7.5, AI score 7.3, EPSS 0.00224
Exploits: 0, References: 2
IBM Security Bulletins
added 2024/02/22 4:27 p.m., 24 views

Security Bulletin: Due to use of Apache Struts, IBM Sterling File Gateway is affected by denial of service vulnerabilities (CVE-2023-34149, CVE-2023-34396)

Summary IBM Sterling File Gateway uses Apache Struts. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not...

CVSS 7.5, AI score 5.8, EPSS 0.00123
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/01/17 9:46 a.m., 35 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34058 DESCRIPTION: VMware Tools could allow a remote attacker to gain elevate...

CVSS 9.8, AI score 8.9, EPSS 0.93657
Exploits: 16, Affected Software: 1
IBM Security Bulletins
added 2024/01/17 2:54 a.m., 58 views

Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50164)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.33. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVSS 9.8, AI score 9.8, EPSS 0.93657
Exploits: 15, Affected Software: 1
IBM Security Bulletins
added 2024/01/16 4:2 p.m., 26 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-5072, CVE-2023-50164)

Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cau...

CVSS 9.8, AI score 9.4, EPSS 0.93657
Exploits: 16, Affected Software: 1
Qualys Blog
added 2024/01/12 10:44 p.m., 60 views

Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively

Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...

CVSS 7.5, AI score 10, EPSS 0.93657
Exploits: 15
GithubExploit
added 2024/01/12 9:34 a.m., 342 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

CVSS 9.8, AI score 9.9, EPSS 0.93657
Exploits: 15
GithubExploit
added 2023/12/30 9:37 p.m., 420 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

This is a Proof of Concept (PoC) for CVE-2023-50164 https://nv...

CVSS 9.8, AI score 9.9, EPSS 0.93657
Exploits: 15
Qualys Blog
added 2023/12/26 2:6 p.m., 35 views

Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164

Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...

CVSS 7.5, AI score 8.1, EPSS 0.93657
Exploits: 15
GithubExploit
added 2023/12/20 8:46 a.m., 393 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...

CVSS 9.8, AI score 10, EPSS 0.93657
Exploits: 15
GithubExploit
added 2023/12/20 8:39 a.m., 358 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

Contains vulnerable WAR file and docker file that can be used...

CVSS 9.8, AI score 9.7, EPSS 0.93657
Exploits: 15