Apache Struts Config Browser Plugin Detection
Binary data strutsconfigbrowserdetect.nbin...
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
An insecure deserialization vulnerability exists in Apache Struts 2. This vulnerability is due to Apache Struts 2 having a dependency on a vulnerable version of Commons FileUpload. Successful exploitation can result in arbitrary file upload within the security context of the target application...
Apache Struts 2 Config Browser Detected
Apache Struts 2 Config Browser Plugin is a module to help view a Struts application's configuration at runtime. This plugin has been detected on the web application by the scanner. It may be possible for an attacker to view the Apache Struts version, loaded configuration or accessible action URLs for...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused b...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud
Summary There are multiple security vulnerabilities that affect IBM WebSphere Application Server in IBM Cloud. Vulnerability Details CVEID: CVE-2017-1743 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper handling of...
Security Bulletin: Intelligent Clusters Security Bulletin, 1410
Summary Security Bulletin: Intelligent Clusters Security Bulletin, 1410 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability Details --- CVEID: CVE-2013-4310 CVE-2013-4316 DESCRIPTION...
Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this...
Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts Vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVE-ID: CVE-2015-0899 Description: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit thi...
VulnCheck KEV: CVE-2018-11776
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and, at the same time, its upper package configuration has no or...
Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution
The remote web application appears to use Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. When Dynamic Method Invocation is enabled, it is possible to pass a malicious expression to the 'method:' prefix. A remote, unauthenticated attacker c...
Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (Apache Struts) vulnerability
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An...
Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Tivoli Integrated Portal
Summary Vulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute...
Security Bulletin: Potential vulnerability in WebSphere Application Server shipped with Tivoli Integrated Portal (CVE-2015-0899)
Summary There is a potential vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit...
Security Bulletin: Potential vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2015-0899)
Summary There is a potential vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit...
Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI shipped with Jazz for Service Management
Summary Vulnerabilities exist in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI. These only exist if you have deployed the optional UDDI application. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q2 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes. This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM®...
Validation Bypass
Apache Struts is vulnerable to validation bypass. Applications that do not use the isCancelled check do not detect a cancelled action, which allows remote attackers to bypass validation via a request with an org.apache.struts.taglib.html.Constants.CANCEL parameter...
Cross-Site Scripting (XSS)
Apache Struts is vulnerable to cross-site scripting. A lack of validation in the parameter name allows a remote attacker to inject arbitrary JavaScript through an error message. The vulnerability affects LookupDispatchAction, DispatchAction and ActionDispatcher...
Denial Of Service (DoS)
Apache Struts is vulnerable to denial of service. A remote attacker is able to cause a denial of service condition using a multipart/form-data encoded form with a parameter name that references the getMultipartRequestHandler function which provides access to elements in...
Cross-Site Scripting (XSS)
Apache Struts is vulnerable to cross-site scripting. Lack of input validation and sanitization on the query string allows a remote attacker to inject arbitrary JavaScript into a victim's browser when the request handler generates an error message...