7 matches found
Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)
Summary Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities CVE-2013-4310 CVE-2013-4316 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability...
Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for IBM Storwize V7000 Security Vulnerabilities (CVE-2013-4310 CVE-2013-4316)
Abstract IBM Storwize V7000 Unified includes fixes for security vulnerabilities in IBM Storwize V7000. Administrative access to the IBM Storwize V7000 via the IP interface may be obtained without authentication. Content Please note that below vulnerabilities are applicable to IBM Storwize V7000...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +172 more potentially affected by CVE-2013-4310 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.15.2)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 and more Source cves: CVE-2013-4310 Source advisory: OSV:GHSA-Q5Q8-JGHF-3PM3...
Apache Struts 2.x < 2.3.15.3 Broken Access Control Vulnerability (S2-018)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.3. It, therefore, is affected by a broken access control vulnerability which can be used to bypass security constraints. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Security Bulletin:Sterling Web Channel is affected by Apache Struts 2 security vulnerabilities (CVE-2013-4310, CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966, CVE-2013-1965)
Summary IBM Sterling Web Channel use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details CVEID: CVE-2013-4310 Description: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the action:...
CVE-2013-4310
CVE-2013-4310 is an Apache Struts 2 vulnerability (prefix action: bypass) with a CVSS v2 base score 5.8 (network, low complexity). IBM security bullets tie this to IBM SAN Volume Controller, Storwize family, Storwize V7000, V5000, V3700, V3500 (Lenovo) and related IBM Flex System components. In I...
Apache Struts 安全措施绕过漏洞
BUGTRAQ ID: 62584 CVECAN ID: CVE-2013-4310 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。 Apache Struts 2.0.0-2.3.15.1的操作映射机制支持特殊参数前缀操作,这样有可能会在表格底部附加引导信息,在映射 "action:" 前缀操作时存在安全绕过漏洞,可被利用绕过某些安全限制,访问受限制功能。 0 Apache Group Struts 2.3.15.2 厂商补丁: Apache Group ------------ Apache...