Lucene search

1986 matches found

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 69 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a remote...

CVSS: 9 | AI score: 9.1 | EPSS: 0.0802
Exploits: 0 | Affected Software: 5
IBM Security Bulletins
added 2023/03/10 5:9 a.m. | 47 views

Security Bulletin: Apache Commons Beanutils (Publicly disclosed vulnerability) affects IBM eDiscovery Manager (CVE-2019-10086, CVE-2014-0114)

Summary Apache Commons Beanutils vulnerabilities could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.95821
Exploits: 5 | Affected Software: 1
OpenVAS
added 2023/03/08 12:0 a.m. | 15 views

Debian: Security Advisory (DLA-292-1)

The remote host is missing an update for the Debian...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.21261
Exploits: 0 | References: 2
F5 Networks
added 2023/02/21 8:0 p.m. | 45 views

K43167094: Apache Struts 2 vulnerability CVE-2016-6795

Security Advisory Description In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. CVE-2016-6795 Impact There is no impact; F5 products are not affected by thi...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.08438
Exploits: 0
F5 Networks
added 2023/02/21 8:0 p.m. | 981 views

K60499474: Apache Struts vulnerability CVE-2018-11776

Security Advisory Description Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and...

CVSS: 9.3 | AI score: 9.2 | EPSS: 0.99993
Exploits: 41
F5 Networks
added 2023/02/21 7:59 p.m. | 46 views

K15262: Apache Struts vulnerability CVE-2014-0113

Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.78306
Exploits: 0
F5 Networks
added 2023/02/21 7:59 p.m. | 40 views

K15261: Apache Struts vulnerability CVE-2014-0112

Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.97909
Exploits: 6
F5 Networks
added 2023/02/21 7:58 p.m. | 46 views

K17126: Apache Struts vulnerability CVE-2014-7809

Security Advisory Description Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism. CVE-2014-7809 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.03486
Exploits: 0
F5 Networks
added 2023/02/21 7:57 p.m. | 31 views

K13434228: Apache Struts vulnerability CVE-2012-0392

Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS: 6.8 | AI score: 9.5 | EPSS: 0.96787
Exploits: 1
F5 Networks
added 2023/02/21 7:53 p.m. | 1069 views

K43451236: Apache Struts 2 vulnerability CVE-2017-5638

Security Advisory Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted...

CVSS: 10 | AI score: 9.3 | EPSS: 0.99999
Exploits: 44
F5 Networks
added 2023/02/21 7:52 p.m. | 112 views

K93135205: Apache Struts 2 vulnerability CVE-2016-4436

Security Advisory Description Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. CVE-2016-4436 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.06549
Exploits: 0
F5 Networks
added 2023/02/21 7:50 p.m. | 54 views

K25570584: Apache Struts vulnerability CVE-2012-0394

Security Advisory Description DISPUTED The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability...

CVSS: 6.8 | AI score: 9.1 | EPSS: 0.74405
Exploits: 9
F5 Networks
added 2023/02/21 7:46 p.m. | 33 views

K16444: Apache vulnerability CVE-2015-0899

Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.21261
Exploits: 0 | Affected Software: 1
F5 Networks
added 2023/02/21 7:45 p.m. | 46 views

K15260: Apache Struts vulnerability CVE-2014-0094

Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...

CVSS: 5 | AI score: 9.3 | EPSS: 0.99614
Exploits: 7
F5 Networks
added 2023/02/21 7:45 p.m. | 37 views

K74571223: Apache Struts vulnerability CVE-2016-8738

Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.03347
Exploits: 0
F5 Networks
added 2023/02/21 7:41 p.m. | 32 views

K17563: Apache Struts vulnerability CVE-2015-2992

Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

CVSS: 6.1 | AI score: 7 | EPSS: 0.05618
Exploits: 0
F5 Networks
added 2023/02/21 7:33 p.m. | 226 views

K10506844: Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

Security Advisory Description CVE-2013-1966 Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. CVE-2013-2115 Apache Struts 2 before 2.3.14.2 allow...

CVSS: 9.3 | AI score: 9.1 | EPSS: 0.72778
Exploits: 12
F5 Networks
added 2023/02/21 7:31 p.m. | 34 views

K16334: Apache Struts vulnerability CVE-2013-4316

Security Advisory Description Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. CVE-2013-4316 Impact None Status To determine if your release is known to be vulnerable, the components or features that are...

CVSS: 10 | AI score: 4.6 | EPSS: 0.08333
Exploits: 1
F5 Networks
added 2023/02/21 7:25 p.m. | 42 views

K17449: Apache Struts 2 vulnerability CVE-2015-5169

Security Advisory Description Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.07551
Exploits: 0
F5 Networks
added 2023/02/21 7:4 p.m. | 31 views

K16827: Apache Struts vulnerability CVE-2015-1831

Security Advisory Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.06312
Exploits: 0