Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 12:54 a.m.7 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +207 more potentially affected by CVE-2014-0116 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.1.2)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2014-0116 Source advisory: OSV:GHSA-HMHQ-382Q-MP56...

5.8CVSS6.8AI score0.06516EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:25 a.m.48 views

Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)

Summary Several security vulnerabilities have been reported against Apache Struts 2 through May 2014. IBM Platform Symphony’s GUI uses Struts 2 as a framework for Java web applications. A version of the package that is vulnerable to these issues is included in several past versions of IBM Platfor...

7.5CVSS0.8AI score0.99614EPSS
Exploits7Affected Software2
Tenable Nessus
Tenable Nessus
added 2015/05/08 12:0 a.m.54 views

MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

7.5CVSS7.7AI score0.99614EPSS
Exploits15References8
Huawei
Huawei
added 2014/07/07 12:0 a.m.92 views

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. Vulnerability ID: HWPSIRT-2014-0420 This Vulnerability has been assigned Common...

7.5CVSS2.2AI score0.99614EPSS
Exploits15Affected Software12
NVD
NVD
added 2014/05/08 10:55 a.m.27 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS9.3AI score0.06516EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2014/05/08 10:55 a.m.45 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.9AI score0.06516EPSS
Exploits0References3
CVE
CVE
added 2014/05/08 10:0 a.m.112 views

CVE-2014-0116

Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...

5.8CVSS6.1AI score0.06516EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder