7 matches found
Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)
Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID:CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sendi...
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)
Summary An Open Source Apache Struts vulnerability was disclosed in August 2014. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable...
Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)
Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...
Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)
Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...
CVE-2014-7809
CVE-2014-7809 affects Apache Struts 2.0.0–2.3.x with predictable values, enabling remote CSRF bypass. Connected IBM advisories confirm impact on IBM FlashSystem 840/V840-AC0/AC1 nodes and IBM SAN Storwize, IBM Sterling Order Management, Call Center, and related products where Struts is used as p...
Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)
The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...