14 matches found
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)
Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...
br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-2115 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)
org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-2115 Source advisory: OSV:GHSA-7GHM-RPC7-P7G5https://vulners.com/osv/OSV:GHSA-7GHM...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +131 more potentially affected by CVE-2013-2115 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.14.1)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 - com.google.inject.integration:guice-struts2-plugin =1.0 - com.googlecode.rapid-framework:rapid-core =4.0 and more Source cves:...
Apache Struts Security Update (S2-013, S2-014) - Version Check
The remote host is missing a security update for Apache Struts announced via the referenced advisories. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Apache Struts includeParams Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...
Apache Struts URL includeParams Attribute OGNL Code Injection
Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...
Apache Struts URL includeParams Attribute OGNL Code Injection
Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...
Apache Struts URL includeParams Attribute OGNL Code Injection
Added: 07/18/2013 CVE: CVE-2013-2115 BID: 60167 OSVDB: 93645 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...
CVE-2013-2115
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...
CVE-2013-2115
creationtimestamp| type| source ---|---|--- 2013-06-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25980 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsincludeparams.rb 2025-02-06 03:13:41+00:00| see...
Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)
The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...
Apache Struts 'includeParams' 不完整修复安全绕过漏洞(CVE-2013-2115)
BUGTRAQ ID: 60167 CVECAN ID: CVE-2013-2115 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物。 Apache Struts 2.0.0-2.3.14.1存在未彻底修复的安全措施绕过漏洞(CVE-2013-1966),攻击者可利用此漏洞以当前用户权限执行任意代码。此漏洞已经在Struts 2.3.14.2中修复。 0 Apache Group Struts2 2.0.0 - 2.3.14.1 厂商补丁: Apache ------...