Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2021/09/14 12:0 a.m.20 views

Apache Struts Security Update (S2-009)

The remote host is missing a security update for Apache Struts announced via the referenced advisory. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.8CVSS9.6AI score0.88829EPSS
Exploits16References2
d2
d2
added 2019/11/01 2:15 p.m.224 views

DSquare Exploit Pack: D2SEC_STRUTS3

Name| d2secstruts3 ---|--- CVE| CVE-2011-3923 Exploit Pack| D2ExploitPack Description| d2secstruts3 Notes|...

7.5CVSS1.7AI score0.88829EPSS
Exploits16
CVE
CVE
added 2019/11/01 1:57 p.m.285 views

CVE-2011-3923

CVE-2011-3923 affects Apache Struts 2 prior to 2.3.1.2, where a flaw in the ParameterInterceptor allows untrusted input to be treated as OGNL expressions, bypassing protections and enabling remote command execution. Public details indicate the vulnerability enables an attacker to execute arbitrar...

9.8CVSS9.5AI score0.88829EPSS
Exploits16References7Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.63 views

Apache Struts ParametersInterceptor Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

0.5AI score0.88829EPSS
Exploits16
Circl
Circl
added 2013/03/22 12:0 a.m.24 views

CVE-2011-3923

creationtimestamp| type| source ---|---|--- 2013-03-22 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/24874 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutscodeexecparameters.rb 2023-12-18 06:16:28+00:00...

9.8CVSS8.6AI score0.88829EPSS
Exploits16References5
myhack58
myhack58
added 2013/01/03 12:0 a.m.51 views

Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of the idea-vulnerability warning-the black bar safety net

0×0 1 Summary 0×0 2 background and principles of analysis 0×0 3 example simulation and tracking 0×0 4 Summary 0×0 1 Summary: In the Ognl expression, will be the brackets“”contains the variable content as a Ognl expression execution. Ognl expressions of this characteristic, triggering a new attack...

1.2AI score
Exploits0
myhack58
myhack58
added 2012/12/19 12:0 a.m.30 views

Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of new ideas-vulnerability warning-the black bar safety net

A, summary In Ognl expression, it will be in parentheses“”contains the variable content as a Ognl expression execution. Ognl expressions of this characteristic, triggering a new attack ideas. By the malicious code is stored into a variable, and then call in Ognl expressions in the function that...

0.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2012/05/14 12:0 a.m.19 views

Apache Struts 2 ParametersInterceptor OGNL Command Execution (CVE-2011-3923)

A command execution vulnerability has been reported in Apache Struts 2...

9.1AI score0.88829EPSS
Exploits16
Saint
Saint
added 2012/03/26 12:0 a.m.48 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.7AI score0.88829EPSS
Exploits16
Saint
Saint
added 2012/03/26 12:0 a.m.37 views

Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.8CVSS9.7AI score0.88829EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2012/02/06 12:0 a.m.111 views

Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

The remote web application appears to use Apache Struts 2, a web framework that uses XWork. Due to a flaw in the ParameterInterceptor class, user input is not properly sanitized, which allows a remote attacker to run arbitrary Java code on the remote host by sending a specially crafted HTTP...

9.8CVSS8.7AI score0.88829EPSS
Exploits16References3
Rows per page
Query Builder