1986 matches found
Apache Struts Security Update (S2-066)
Apache Struts is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:struts";...
Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details: CVEID: CVE-2023-34396. DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-fi...
Denial Of Services
org.apache.struts, struts2-core is vulnerable to Denial Of Services. The vulnerability exists due to the lack of a validated max string length limit in JakartaMultiPartRequest.java, which allows an attacker to cause an application crash by submitting large multipart requests...
Apache Struts vulnerable to path traversal
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
CVE-2023-50164 Apache Struts: File upload component had a directory traversal vulnerability
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...
CVE-2023-50164
creationtimestamp | type | source
---|---|---
2023-12-07 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1177
2023-12-08 14:17:07+00:00 | seen | https://t.me/ctinow/154174
2023-12-11 17:03:39+00:00 | seen | https://t.me/ctinow/154465
2023-12-11 17:25:08+00:00 | seen | ...
Vulnerability fixed in Apache Struts
Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the vulnerability to upload a rogue file to potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...
Apache Struts 2.5.0 < 2.5.33 / 6.0.0 < 6.3.0.2 Remote Code Execution (S2-066)
The version of Apache Struts installed on the remote host is prior to 2.5.33 or 6.3.0.2. It is, therefore, affected by a vulnerability as referenced in the S2-066 advisory. - An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to...
Apache Struts Security Vulnerability
Apache Struts is an open source project of the Apache Foundation (United States). It is an open source MVC framework for creating enterprise-class Java Web applications and mainly provides two versions of the framework, Struts 1 and Struts 2. Apache Struts suffers from a directory...
GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...
CVE-2023-41835 Apache Struts: excessive disk usage
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
Apache Struts Security Vulnerabilities
Apache Struts is an open source project of the Apache Foundation (United States). It is an open source MVC framework for creating enterprise-class Java Web applications and mainly provides two versions of the framework, Struts 1 and Struts 2. Apache Struts has a security...
PT-2023-7502 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.5.32; Apache Struts versions 6.0.0 through 6.3.0.1. Description: A critical vulnerability has been identified in Apache Struts, allowing attackers to manipulate file upload parameters and enable path...
Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-41835)
Summary: Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.32. Vulnerability Details: CVEID: CVE-2023-41835. DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the...
CVE-2023-6308
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...
Out-of-bounds
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...
CVE-2023-6308 Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...