
1986 matches found

OpenVAS
added 2022/01/19 12:0 a.m. | 35 views

Apache Struts 2.5.x < 2.5.28.1 Log4j RCE Vulnerability

Apache Struts is prone to a remote code execution (RCE) vulnerability in the Apache Log4j library. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...

CVSS 9 | AI score 10 | EPSS 0.99977
Exploits 39 | References 7

OpenVAS
added 2022/01/19 12:0 a.m. | 14 views

Apache Struts 2.5.x < 2.5.28.2 Log4j DoS Vulnerability

Apache Struts is prone to a denial of service (DoS) vulnerability in the Apache Log4j library. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later...

CVSS 5.9 | AI score 8 | EPSS 0.99999
Exploits 20 | References 2

Metasploit
added 2021/12/16 5:42 p.m. | 918 views

Log4Shell HTTP Scanner

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...

CVSS 10 | AI score 8.6 | EPSS 0.99999
Exploits 346

Trend Micro Simply Security
added 2021/12/13 12:0 a.m. | 103 views

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Log4Shell, also known as CVE-2021-44228, was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter...

CVSS 9.3 | AI score 4.2 | EPSS 0.99999
Exploits 344

OpenVAS
added 2021/12/13 12:0 a.m. | 25 views

Apache Struts 2.5.x Log4j RCE Vulnerability (Log4Shell) - Version Check

Apache Struts is prone to a remote code execution (RCE) vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS 10 | AI score 10 | EPSS 0.99999
Exploits 344 | References 7

Malwarebytes
added 2021/12/10 6:3 p.m. | 138 views

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

If you're running a service that relies on Apache Struts or uses the popular Apache Log4j utility, we hope you haven't made plans for the weekend. An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code...

CVSS 9.3 | AI score 10 | EPSS 0.99999
Exploits 346

Github Security Blog
added 2021/12/02 2:50 p.m. | 53 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

CVSS 9.8 | AI score 2.6 | EPSS 0.97399
Exploits 15 | References 11 | Affected Software 1

OSV
added 2021/12/02 2:50 p.m. | 85 views

GHSA-WP4H-PVGW-5727 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

CVSS 9.8 | AI score 9.6 | EPSS 0.97399
Exploits 15 | References 11

VulnCheck KEV
added 2021/11/03 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2017-9805

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...

CVSS 8.1 | AI score 7.6 | EPSS 0.99461
Exploits 23 | References 1

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 19 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...

CVSS 9.3 | AI score 8.5 | EPSS 0.99993
In wild | Exploits 41

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 27 views

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...

CVSS 8.1 | AI score 8.5 | EPSS 0.99461
In wild | Exploits 23

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 29 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution...

CVSS 10 | AI score 9.7 | EPSS 0.99999
In wild | Exploits 44

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 20 views

Apache Struts Remote Code Execution Vulnerability

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...

CVSS 9.8 | AI score 9.4 | EPSS 0.95922
In wild | Exploits 11

VulnCheck KEV
added 2021/10/13 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2012-0391

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.75071
Exploits 11 | References 1

OpenVAS
added 2021/09/16 12:0 a.m. | 17 views

Apache Struts Security Update (CVE-2011-2087)

The javatemplates (aka Java Templates) plugin in Apache Struts is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

CVSS 4.3 | AI score 5.8 | EPSS 0.06127
Exploits 1 | References 2

OpenVAS
added 2021/09/16 12:0 a.m. | 23 views

Apache Struts Security Update (CVE-2006-1546, CVE-2006-1547, CVE-2006-1548)

Apache Struts is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.54635
Exploits 1 | References 3

OpenVAS
added 2021/09/16 12:0 a.m. | 14 views

Apache Struts Security Update (CVE-2012-1592)

Apache Struts is prone to a local code execution vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

CVSS 8.8 | AI score 8.8 | EPSS 0.2855
Exploits 0 | References 3

OpenVAS
added 2021/09/16 12:0 a.m. | 13 views

Apache Struts Config Browser Plugin Exposed (S2-043) - Active Check

The remote host is exposing the Apache Struts Config Browser Plugin via HTTP. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program i...

AI score 7.4
Exploits 0 | References 4

OpenVAS
added 2021/09/16 12:0 a.m. | 23 views

Apache Struts Security Update (CVE-2011-5057)

Apache Struts is prone to a session tampering vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVSS 5 | AI score 9.6 | EPSS 0.28628
Exploits 0 | References 3

OpenVAS
added 2021/09/16 12:0 a.m. | 13 views

Apache Struts Security Update (CVE-2007-6726)

Apache Struts is prone to multiple cross-site scripting (XSS) vulnerabilities in Dojo. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 4.3 | AI score 6.3 | EPSS 0.03447
Exploits 0 | References 1