1986 matches found
CVE-2023-6308
The CVE-2023-6308 entry concerns Xiamen Four-Faith Video Surveillance Management System (2016/2017) with a vulnerability in the Apache Struts component that permits unrestricted file uploads. Exploitation can be remote and public disclosure exists. Several connected sources (Red Hat, CVE.org/CNNV...
PT-2023-32608 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Xiamen Four-Faith Video Surveillance Management System versions 2016 through 2017 Description: A critical issue has been found in the Apache Struts component of the system, allowing for unrestricted upload. The attack can be launched remotely...
DoS (Denial of Service) apache-struts in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...
F5 Networks BIG-IP : Apache Struts vulnerabilities (K35226442)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K35226442 advisory. - An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing...
F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...
Oracle MySQL Enterprise Monitor (October 2023 CPU)
The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Struts. Supported versions...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload request is denied. By sending a speciall...
Security Bulletin: Struts vulnerability
Summary Apache Struts is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a remote attacker cou...
Security Bulletin: Apache Struts Vulnerability
Summary Apache Struts Vulnerability Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a specially crafted request, a remote attacker coul...
Apache Struts SEoL (2.3.0.x <= x <= 2.3.37.x)
According to its version, Apache Struts is between 2.3.0.x and 2.3.37.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Apache Struts SEoL (1.0.x <= x <= 1.3.10.x)
According to its version, Apache Struts is between 1.0.x and 1.3.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
K000136957: Apache struts vulnerability CVE-2023-41835
Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...
Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI
Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2023-34149, CVE-2023-34396 Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containi...
Apache Struts 2.0.0 < 2.5.32 / 6.0.0 < 6.3.0.1 Denial of Service (S2-065)
The version of Apache Struts installed on the remote host is prior to 2.5.32 or 6.3.0.1. It is, therefore, affected by a vulnerability as referenced in the S2-065 advisory. - When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remai...
Security Bulletin: CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint.
Summary CVE-2023-34396 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when...
Security Bulletin: CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2023-34149 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw wit...
Security Bulletin: Apache Struts Vulnerability Affects IBM eDiscovery Manager (CVE-2023-34149, CVE-2023-34396)
Summary Multiple vulnerabilities in Apache Struts 2.5.30 may affect IBM eDiscovery Manager. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially craft...
Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager
Summary Multiple vulnerabilities in Apache Struts 2.3.x may affect IBM eDiscovery Manager. These are addressed. Vulnerability Details CVEID:CVE-2020-17530 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on...
Security Bulletin: Multiple Vulnerabilities in Apache Struts 1.2.x Affect IBM eDiscovery Manager
Summary Multiple vulnerabilities in Apache Struts 1.2.x may affect IBM eDiscovery Manager. Vulnerability Details CVEID:CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...