13 matches found
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)
Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...
Apache Struts Security Update (S2-013, S2-014) - Version Check
The remote host is missing a security update for Apache Struts announced via the referenced advisories. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Apache Struts includeParams Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...
CVE-2013-1966
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...
Code injection
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...
CVE-2013-1966
CVE-2013-1966 (and related Struts 2 OGNL flaws) enables remote code execution via crafted requests that abuse includeParams handling in the URL or A tag. Public docs in IBM advisories note affected IBM products (e.g., Sterling Order Management, Storwize Unified GUI/Storwize platforms) and specify...
CVE-2013-1966
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...
Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution
The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...
CVE-2013-1966
creationtimestamp| type| source ---|---|--- 2013-06-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25980 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsincludeparams.rb 2023-12-18 07:08:26+00:00| see...
Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)
The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...
Apache Struts2 includeParams属性远程命令执行漏洞(CVE-2013-1966)
No description provided by source. 打开Struts Blank App中的 HelloWorld.jsp增加类似下列代码: s:url id="url" action="HelloWorld" includeParams="all" 运行 struts2-blank app 访问下列地址:...