35 matches found
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...
Design/Logic Flaw
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...
CVE-2014-0113
The CVE-2014-0113 issue affects Apache Struts CookieInterceptor in Struts 2.x prior to 2.3.20 (and related advisories reference 2.3.16.2), where a wildcard cookiesName value allows access to getClass, enabling potential ClassLoader manipulation and remote code execution via a crafted request. Thi...
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...
Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)
A code execution vulnerability has been reported in Apache Struts 2...
SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2
SEC Consult Vulnerability Lab Security Advisory 20120104-0 ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable version: 2.3.1 and below fixed...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
Immunity Canvas: STRUTSCODEINJECTION
Name| strutsCodeInjection ---|--- CVE| CVE-2012-0394 Exploit Pack| CANVAS Description| Struts Code Injector Notes| CVE Name: CVE-2012-0394 VENDOR: Apache Notes: CVE-2012-0394 - Struts = 2.2.1.1 ExceptionDelegator When an exception occurs while applying parameter values to properties, the value is...
Security feature bypass
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
CVE-2012-0392
CVE-2012-0392 affects Apache Struts: CookieInterceptor does not enforce a parameter-name whitelist, enabling remote code execution via a crafted HTTP Cookie header that can trigger Java code execution through a static method. The Nuclei template confirms this as part of the S2-008 family, describ...
Apache Struts 2 2.3.1 - Multiple Vulnerabilities
Apache Struts 2 2.3.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerab...
Apache Struts远程命令执行和任意文件覆盖漏洞
Bugtraq ID: 51257 Apache Struts是一款建立Java web应用程序的开放源代码架构。 Apache Struts存在安全漏洞,允许攻击者利用漏洞执行任意命令或覆盖任意文件 -Apache Struts存在一个输入过滤错误,如果遇到转换错误可被利用注入和执行任意Java代码。 -当处理COOKIE名称过程中CookieInterceptor类没有正确限制对某些静态模式的访问,可被利用执行任意命令。 -部分未明输入在用于创建文件之前没有由ParameterInterceptor进行正确过滤,可被利用通过目录遍历攻击创建或覆盖任意文件。 0 Apache Stru...