1986 matches found
Apache Struts 2.x < 2.5.26 Remote Code Execution (S2-061)
Apache Struts 2.0.0 to 2.5.26 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology
Summary: Multiple vulnerabilities in WebSphere Application Server traditional bundled with IBM Jazz Team Server based Applications affect the following products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team...
Apache Struts 2.x < 2.3.34 / 2.5.x < 2.5.12 Remote Code Execution (S2-053)
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a Remote Code Execution.
Apache Struts 2.1.6 < 2.3.34 / 2.5 < 2.5.13 Remote Code Execution (S2-052)
The REST Plugin in Apache Struts 2.1.6 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2 < 2.3.33 Remote Code Execution (S2-048)
The Struts 1 plugin in Apache Struts 2 2.3.33 might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage class.
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)
Summary: IBM WebSphere Application Server is shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2016-1181...
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU)
MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.24. Therefore, it's affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Tomcat...
Apache Struts 2 Demo Application Detected
The scanner has detected a publicly accessible Apache Struts 2 default demo application. Known and unknown vulnerabilities could be more easily exploited via this kind of application.
Apache Struts Security Update (S2-061) - Active Check
Apache Struts is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager (CVE-2019-0233, CVE-2019-0230). Vulnerability Details: CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...
Apache Struts 2 < 2.3.29 DevMode Remote Code Execution
Apache Struts 2 installed on the remote host is configured to operate in development mode (DevMode) and is in a version less than or equal to 2.3.29. While this environment can help speed up development of web applications, it is possible to abuse this mode to run arbitrary commands on the server. ...
Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
Apache Struts 2.x to 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 'action:', 'redirect:', or 'redirectAction:' prefix. This mechanism was intended to help with attaching navigational information to buttons within forms.
VulnCheck KEV: CVE-2020-17530
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...
Apache Struts Security Update (S2-036)
Apache Struts is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Struts Security Update (S2-024)
Apache Struts is prone to an unspecified vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
Apache Struts Security Update (S2-053) - Version Check
Apache Struts is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Struts Security Update (S2-045, S2-046) - Version Check
Apache Struts is prone to multiple remote code execution (RCE) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
Apache Struts Detection Consolidation
Consolidation of Apache Struts detections. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...
Apache Struts Detection (Linux/Unix SSH Login)
SSH login-based detection of Apache Struts. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Apache Struts End of Life (EOL) Detection
The Apache Struts version on the remote host has reached the End of Life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...