
1986 matches found

UbuntuCve
added 2022/04/12 4:15 p.m., 33 views

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.85101
Exploits: 7 | References: 3
Prion
added 2022/04/12 4:15 p.m., 38 views

Remote code execution

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.95922
Exploits: 16 | References: 4 | Affected Software: 1
CVE
added 2022/04/12 3:25 p.m., 341 views

CVE-2021-31805

The CVE-2021-31805 entry describes a Remote Code Execution risk in Apache Struts caused by forced OGNL evaluation in tag attributes. The issue arises when untrusted input is evaluated via %{...}, enabling double OGNL evaluation and potentially remote code execution. Affected products span Apache ...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.85101
In wild | Exploits: 7 | References: 4 | Affected Software: 1
Cvelist
added 2022/04/12 3:25 p.m., 25 views

CVE-2021-31805 Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

AI score: 9.9 | EPSS: 0.85101
Exploits: 7 | References: 4
ATTACKERKB
added 2022/04/12 12:0 a.m., 118 views

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.95922
In wild | Exploits: 16 | References: 5
Tenable Nessus
added 2022/04/12 12:0 a.m., 229 views

Apache Struts 2.0.0 < 2.5.30 Possible Remote Code Execution vulnerability (S2-062)

The version of Apache Struts installed on the remote host is prior to 2.5.30. It is, therefore, affected by a vulnerability as referenced in the S2-062 advisory. - The fix issued for CVE-2020-17530 S2-061 was incomplete. Still some of the tag's attributes could perform a double evaluation if a...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.95922
Exploits: 16 | References: 2
Positive Technologies
added 2022/04/12 12:0 a.m., 6 views

PT-2022-2374

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.5.29 Description The issue arises from incorrect handling of Object Graph Navigation Language expressions, which can lead to security degradation. If a developer uses forced OGNL evaluation with the %...

CVSS: 9.8 | AI score: 8 | EPSS: 0.85101
Exploits: 7 | References: 23
CNNVD
added 2022/04/12 12:0 a.m., 4 views

Apache Struts 2 Security Vulnerability

A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.85101
Exploits: 7 | References: 9
CISA KEV Catalog
added 2022/03/25 12:0 a.m., 20 views

Apache Struts Improper Input Validation Vulnerability

Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.99998
In wild | Exploits: 18
IBM Security Bulletins
added 2022/03/22 4:8 p.m., 44 views

Security Bulletin: Multiple vulnerabilities in WebSphere Service Registry and Repository in packages such as Apache Struts and Node.js

Summary Multiple security vulnerabilities in packages such as Apache Struts and Node.js affect WebSphere Service Registry and Repository. These have been addressed. Vulnerability Details CVEID:CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.99019
Exploits: 27 | Affected Software: 1
IBM Security Bulletins
added 2022/03/01 12:38 p.m., 50 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020

Summary Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020 Vulnerability Details CVEID: CVE-2019-17267 DESCRIPTION: FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the...

CVSS: 10 | AI score: 9.6 | EPSS: 0.49952
Exploits: 8 | Affected Software: 20
Check Point Advisories
added 2022/03/01 12:0 a.m., 10 views

Apache Struts Denial of Service (CVE-2006-1547)

A denial-of-service vulnerability exists in Apache Struts. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.54635
Exploits: 1
CISA KEV Catalog
added 2022/02/10 12:0 a.m., 24 views

Apache Struts 1 Improper Input Validation Vulnerability

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

CVSS: 9.8 | AI score: 4.1 | EPSS: 0.98931
In wild | Exploits: 41
OSV
added 2022/02/09 10:51 p.m., 3 views

GHSA-JC35-Q369-45PV Remote code execution in Apache Struts

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.95922
Exploits: 11 | References: 14
Github Security Blog
added 2022/02/09 10:51 p.m., 91 views

Remote code execution in Apache Struts

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.95922
Exploits: 11 | References: 14 | Affected Software: 1
OpenVAS
added 2022/01/28 12:0 a.m., 15 views

Mageia: Security Advisory (MGASA-2016-0244)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.2593
Exploits: 0 | References: 5
OpenVAS
added 2022/01/28 12:0 a.m., 39 views

Apache Struts 2.5.x Multiple Log4j Vulnerabilities (Log4Shell) - Active Check

Apache Struts is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10 | AI score: 7 | EPSS: 0.99999
Exploits: 346 | References: 11
VulnCheck KEV
added 2022/01/21 12:0 a.m., 2 views

VulnCheck KEV: CVE-2006-1547

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS)...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.54635
Exploits: 1 | References: 1
CISA KEV Catalog
added 2022/01/21 12:0 a.m., 17 views

Apache Struts 2 Improper Input Validation Vulnerability

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

CVSS: 9.8 | AI score: 9 | EPSS: 0.75071
In wild | Exploits: 11
CISA KEV Catalog
added 2022/01/21 12:0 a.m., 30 views

Apache Struts 1 ActionForm Denial-of-Service Vulnerability

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS)...

CVSS: 7.8 | AI score: 9.2 | EPSS: 0.54635
In wild | Exploits: 1