Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty
Summary: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed a publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details: CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...
Apache Struts 2.x <= 2.3.36 commons-fileupload RCE Vulnerability
Apache Struts is prone to a remote code execution (RCE) vulnerability in a shipped library. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Apache Struts Remote Code Execution (CVE-2016-1000031)
An insecure deserialization vulnerability has been reported in Apache Struts. This vulnerability is due to deserialization of untrusted data while having the vulnerable version of the Apache-Commons-FileUpload library. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018
On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution...
Apache Struts Warns Users of Two-Year-Old Vulnerability
The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually. The critical bug in Commons FileUpload library is a know...
Apache Releases Security Advisory for Apache Struts
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...
Apache Struts 2.3.x < 2.3.33 Denial of Service (S2-049)
The version of Apache Struts running on the remote host is 2.3.x prior to 2.3.33. It is, therefore, affected by the following vulnerability: - A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a...
Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability
The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability: - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. CVE-2016-1000031 Note that Nessus has not teste...
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
Summary: Multiple security vulnerabilities affect Rational Rhapsody Design Manager (Rhapsody DM). Vulnerability Details: CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity (XXE) vulnerability in JAX-RS implementation...
Apache Struts Cookie Detection
Apache Struts Page Detection
Apache Struts Page Detection
Apache Struts URL Detection
Apache Struts Page Detection
Apache Struts 2 Freemarker Tag Handling RCE
Remote command execution vulnerability in Apache Struts 2 freemarker tag handling. Vulnerability Type: Remote Command Execution. For the exploit source code contact DSquare Security sales team...
Apache Struts 2 Multiple Tags Result Namespace Handling RCE
Remote command execution vulnerability in Apache Struts 2 multiple tags result namespace handling. Vulnerability Type: Remote Command Execution. For the exploit source code contact DSquare Security sales team...
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a Remote Code Execution when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace...
GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a Remote Code Execution when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace...
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...