412 matches found
UBUNTU-CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
The CVE-2014-0114 issue affects Apache Struts 1.x through 1.3.10 (and related products using commons-beanutils) where the ActionForm/ClassLoader handling could be manipulated via a class parameter passed to getClass, enabling remote code execution. The F5 advisory confirms the vulnerability impac...
PT-2014-1716 · Apache +5 · Apache Struts +6
Name of the Vulnerable Software and Affected Versions: Apache Commons BeanUtils versions 1.8.0 through 1.9.2; Apache Struts versions 1.x through 1.3.10. Description: The issue allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter. This can be...
[SA19493] Struts Multiple Vulnerabilities
TITLE: Struts Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA19493
VERIFY ADVISORY: http://secunia.com/advisories/19493/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Cross Site Scripting, DoS
WHERE: From remote
SOFTWARE: Apache Struts 1.2.x http://secunia.com/product/6179/
DESCRIPTION:...
CVE-2006-1547
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1547
CVE-2006-1547 affects Apache Struts 1.x before 1.2.9 when used with BeanUtils 1.7. The vulnerability arises from ActionForm handling a multipart/form-data form where a parameter name references getMultipartRequestHandler, granting access to elements in CommonsMultipartRequestHandler and BeanUtils...