1986 matches found

Positive Technologies
added 2020/08/20 12:0 a.m. · 6 views

PT-2020-5513 · Apache +1 · Apache Struts +1

Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.5.20
Description: The issue is related to insufficient control of modification of dynamically determined characteristics of an object in the Apache Struts platform. This can be exploited by a remote...

CVSS 10 · AI score 9.7 · EPSS 0.97399
Exploits 15 · References 36

RedhatCVE
added 2020/08/18 7:29 p.m. · 36 views

CVE-2019-0233

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload...

CVSS 5 · AI score 3.4 · EPSS 0.70082
Exploits 0 · References 3

RedhatCVE
added 2020/08/18 7:29 p.m. · 41 views

CVE-2019-0230

A flaw was found in Apache Struts frameworks. When forced, Struts 2 performs double evaluation of attribute values assigned to certain tag attributes such as ID, so it is possible to pass a value that will be evaluated again when a tag's attributes are rendered. With a carefully crafted...

CVSS 7.5 · AI score 3.3 · EPSS 0.97399
Exploits 15 · References 3

OpenVAS
added 2020/08/17 12:0 a.m. · 30 views

Apache Struts Security Update (S2-059, S2-060)

Apache Struts is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 8.8 · EPSS 0.97399
Exploits 15 · References 5

OpenVAS
added 2020/08/17 12:0 a.m. · 28 views

Apache Struts 2.x < 2.5.22 Multiple Vulnerabilities (S2-059, S2-060) - Linux

Apache Struts is prone to multiple vulnerabilities. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 9.8 · AI score 8.7 · EPSS 0.97399
Exploits 15 · References 3

ThreatPost
added 2020/08/14 9:20 p.m. · 2275 views

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Proof-of-concept exploit code surfaced on GitHub on Friday, raising the stakes on two existing Apache Struts 2 bugs that allow for remote code-execution and denial-of-service attacks on vulnerable installations. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding t...

CVSS 10 · AI score 9.5 · EPSS 0.99999
Exploits 59 · References 10

NCSC
added 2020/08/14 12:0 a.m. · 3 views

Vulnerabilities fixed in Apache Struts

Apache has fixed vulnerabilities in Struts. The vulnerabilities allow a remote malicious party to cause a denial of service and to execute arbitrary code under the permissions of the application. Apache has released updates to fix the vulnerabilities. More information can be found on the pages...

CVSS 9.8 · AI score 7.8 · EPSS 0.97399
Exploits 15

Tenable Nessus
added 2020/08/14 12:0 a.m. · 133 views

Apache Struts 2.x <= 2.5.20 Multiple Vulnerabilities

The version of Apache Struts installed on the remote host is 2.x prior to or equal to 2.5.20. It is, therefore, affected by multiple vulnerabilities: - The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id so it is...

CVSS 9.8 · AI score 7.9 · EPSS 0.97399
Exploits 15 · References 4

GithubExploit
added 2020/08/13 1:31 p.m. · 54 views

Exploit for Prototype Pollution in Apache Struts

CVE-2019-0230 CVE-2019-0230 Exploit This is CVE-20...

CVSS 9.8 · AI score 9.6 · EPSS 0.97399
Exploits 15

GithubExploit
added 2020/08/13 1:5 p.m. · 64 views

Exploit for Prototype Pollution in Apache Struts

CVE-2019-0230 CVE-2019-0230 Exploit This is CVE-2019-0...

CVSS 9.8 · AI score 9.7 · EPSS 0.97399
Exploits 15

Tenable Nessus
added 2020/07/24 12:0 a.m. · 97 views

MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...

CVSS 9.8 · AI score 8 · EPSS 0.99993
Exploits 41 · References 4

VulnCheck KEV
added 2020/06/24 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2017-9791

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

CVSS 9.8 · AI score 7.8 · EPSS 0.98931
Exploits 19 · References 1

Github Security Blog
added 2020/06/10 11:38 p.m. · 479 views

Arbitrary code execution in Apache Commons BeanUtils

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 · AI score 9.1 · EPSS 0.95821
Exploits 4 · References 155 · Affected Software 1

IBM Security Bulletins
added 2020/05/29 3:46 p.m. · 33 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities.

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerabilities. Jackson-databind has known vulnerabilities in IBM Identity Governance and Intelligence. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library...

CVSS 9.8 · AI score 1.2 · EPSS 0.49952
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2020/05/18 8:17 p.m. · 52 views

Security Bulletin: A vulnerability in Apache Struts affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Struts used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...

CVSS 8.1 · AI score 1.5 · EPSS 0.13227
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2020/03/13 11:0 p.m. · 41 views

Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System

Summary There are multiple vulnerabilities that affect IBM PureApplication System. IBM PureApplication System has addressed vulnerabilities. Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation...

CVSS 10 · AI score 1.3 · EPSS 0.49952
Exploits 10 · Affected Software 1

NVD
added 2020/02/27 6:15 p.m. · 13 views

CVE-2015-2992

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability...

CVSS 6.1 · AI score 6.4 · EPSS 0.07203
Exploits 0 · References 4

UbuntuCve
added 2020/02/27 6:15 p.m. · 16 views

CVE-2015-2992

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability...

CVSS 6.1 · AI score 6.8 · EPSS 0.07203
Exploits 0 · References 3

Prion
added 2020/02/27 6:15 p.m. · 10 views

Cross site scripting

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability...

CVSS 4.3 · AI score 5.9 · EPSS 0.07203
Exploits 0 · References 4 · Affected Software 1

CVE
added 2020/02/27 5:45 p.m. · 84 views

CVE-2015-2992

Apache Struts CVE-2015-2992 is an XSS vulnerability in Struts before 2.3.20, caused by improper validation of user input when JSP files are accessed directly. Exploitation could allow a remote attacker to run scripts in the victim’s browser and steal cookies. Affected products/versions include St...

CVSS 6.1 · AI score 5.8 · EPSS 0.07203
Exploits 0 · References 4 · Affected Software 1