9 matches found
K16827: Apache Struts vulnerability CVE-2015-1831
Security Advisory Description Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +214 more potentially affected by CVE-2015-1831 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.20)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-1831 Source advisory: OSV:GHSA-Q2CG-XF9P-H457...
Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V840 (CVE 2015-1831)
Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V840. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V840. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...
Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 900 (CVE 2015-1831)
Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem 900. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem 900. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...
Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V9000 (CVE 2015-1831)
Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V9000. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V9000. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...
CVE-2015-1831
The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...
CVE-2015-1831
CVE-2015-1831 concerns Apache Struts 2.3.20, where misleading default excludeParams could let an attacker alter an application’s internal state. IBM advisories list affected IBM storage platforms (FlashSystem 900/ V840/ V9000 and Storwize families) with fixes in specific code levels (e.g., FlashS...
SOL16827 - Apache Struts vulnerability CVE-2015-1831
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
Apache Struts Exclude mode Vulnerability(CVE-2 0 1 5-1 8 3 1)-vulnerability warning-the black bar safety net
Affected system: The Apache Group Struts 2.3.20 Not affected system: The Apache Group Struts 2.3.20.1 Description: CVECAN ID: CVE-2 0 1 5-1 8 3 1 Struts is for building Web applications of open source. Struts 2.3.20 using the wrong default the exclude mode, If enabled the default setting, the err...