Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.68 views

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...

9.8CVSS9.1AI score0.99998EPSS
Exploits33
vulnersOsv
vulnersOsv
added 2022/05/13 1:16 a.m.6 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-2115 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-2115 Source advisory: OSV:GHSA-7GHM-RPC7-P7G5https://vulners.com/osv/OSV:GHSA-7GHM...

9.3CVSS7.2AI score0.72778EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2022/05/13 1:16 a.m.5 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +131 more potentially affected by CVE-2013-2115 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.14.1)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 - com.google.inject.integration:guice-struts2-plugin =1.0 - com.googlecode.rapid-framework:rapid-core =4.0 and more Source cves:...

9.3CVSS7.2AI score0.72778EPSS
Exploits9
OpenVAS
OpenVAS
added 2021/09/14 12:0 a.m.24 views

Apache Struts Security Update (S2-013, S2-014) - Version Check

The remote host is missing a security update for Apache Struts announced via the referenced advisories. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

8.1AI score
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Apache Struts includeParams Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Huawei
Huawei
added 2013/07/30 12:0 a.m.122 views

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...

9.8CVSS9.3AI score0.99998EPSS
Exploits32Affected Software26
OpenVAS
OpenVAS
added 2013/07/23 12:0 a.m.69 views

Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...

9.3CVSS0.8AI score0.72778EPSS
Exploits11References5
Saint
Saint
added 2013/07/18 12:0 a.m.52 views

Apache Struts URL includeParams Attribute OGNL Code Injection

Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.3CVSS8.2AI score0.72778EPSS
Exploits9
Saint
Saint
added 2013/07/18 12:0 a.m.35 views

Apache Struts URL includeParams Attribute OGNL Code Injection

Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.3CVSS8.2AI score0.72778EPSS
Exploits9
Saint
Saint
added 2013/07/18 12:0 a.m.52 views

Apache Struts URL includeParams Attribute OGNL Code Injection

Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

9.3CVSS8.2AI score0.72778EPSS
Exploits9
NVD
NVD
added 2013/07/10 7:55 p.m.26 views

CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3CVSS8.2AI score0.72778EPSS
Exploits9References4
Circl
Circl
added 2013/06/05 12:0 a.m.7 views

CVE-2013-2115

creationtimestamp| type| source ---|---|--- 2013-06-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25980 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsincludeparams.rb 2025-02-06 03:13:41+00:00| see...

9.3CVSS7.3AI score0.72778EPSS
Exploits9References2
Check Point Advisories
Check Point Advisories
added 2013/06/04 12:0 a.m.21 views

Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)

The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...

9.3CVSS8.4AI score0.72778EPSS
Exploits11
seebug.org
seebug.org
added 2013/05/30 12:0 a.m.80 views

Apache Struts 'includeParams' 不完整修复安全绕过漏洞(CVE-2013-2115)

BUGTRAQ ID: 60167 CVECAN ID: CVE-2013-2115 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物。 Apache Struts 2.0.0-2.3.14.1存在未彻底修复的安全措施绕过漏洞(CVE-2013-1966),攻击者可利用此漏洞以当前用户权限执行任意代码。此漏洞已经在Struts 2.3.14.2中修复。 0 Apache Group Struts2 2.0.0 - 2.3.14.1 厂商补丁: Apache ------...

9.3CVSS7.7AI score0.72778EPSS
Exploits11
Rows per page
Query Builder