Lucene search
+L

27 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.75 views

Apache Struts <=2.5.20 - Remote Code Execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution. id: CVE-2019-0230 info: name: Apache Struts =2.5.20 - Remote Code Execution author: geeknik severity: critical description: Apache Struts 2.0.0 ...

9.8CVSS8.9AI score0.97399EPSS
Exploits15References5
Tenable Nessus
Tenable Nessus
added 2023/11/03 12:0 a.m.55 views

F5 Networks BIG-IP : Apache Struts vulnerabilities (K35226442)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K35226442 advisory. - An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing...

9.8CVSS8.3AI score0.97399EPSS
Exploits15References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/11 1:6 a.m.46 views

Security Bulletin: IBM Sterling Order Management Apache Struts vulnerablity

Summary IBM Sterling Order Management Apache Struts vulnerablity Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker...

9.8CVSS0.9AI score0.97399EPSS
Exploits15Affected Software1
vulnersOsv
vulnersOsv
added 2021/12/02 2:50 p.m.4 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +298 more potentially affected by CVE-2019-0230 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.20)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2019-0230 Source advisory: OSV:GHSA-WP4H-PVGW-5727...

9.8CVSS7.4AI score0.97399EPSS
Exploits15
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/13 1:33 p.m.57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2019-0233, CVE-2019-0230 Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...

9.8CVSS1.2AI score0.97399EPSS
Exploits15Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/01/08 7:54 p.m.421 views

Metasploit Wrap-Up

Struts2 Multi Eval OGNL RCE Our very own zeroSteiner added exploit/multi/http/struts2multievalognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times CVE-2019-0230 and CVE-2020-17530. The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...

10CVSS9.4AI score0.97822EPSS
Exploits46
Packet Storm
Packet Storm
added 2020/12/24 12:0 a.m.1250 views

Apache Struts 2 Forced Multi OGNL Evaluation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Forced Multi OGNL Evaluation', 'Description' = %q The Apache Struts framework, when forced, performs double evaluation of...

7.5CVSS9.8AI score0.97399EPSS
Exploits23
GithubExploit
GithubExploit
added 2020/12/11 6:57 p.m.61 views

Exploit for Prototype Pollution in Apache Struts

CVE-2019-0230Struts2S2-059 How to use Build Struts25...

9.8CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
added 2020/11/27 12:0 a.m.661 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

7.5CVSS9.8AI score0.97399EPSS
Exploits15
Saint
Saint
added 2020/11/27 12:0 a.m.63 views

Apache Struts double OGNL evaluation

Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...

9.8CVSS9.8AI score0.97399EPSS
Exploits15
Packet Storm
Packet Storm
added 2020/11/17 12:0 a.m.654 views

Apache Struts 2.5.20 Double OGNL Evaluation

Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...

7.5CVSS0.97399EPSS
Exploits15
0day.today
0day.today
added 2020/11/17 12:0 a.m.111 views

Apache Struts 2.5.20 - Double OGNL evaluation Exploit

Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity, and the Github...

9.8CVSS9.6AI score0.97399EPSS
Exploits15
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/04 9:7 a.m.40 views

Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...

9.8CVSS0.7AI score0.97399EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/28 7:8 p.m.36 views

Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...

9.8CVSS0.7AI score0.97399EPSS
Exploits15Affected Software1
GithubExploit
GithubExploit
added 2020/10/22 5:55 p.m.76 views

Exploit for Prototype Pollution in Apache Struts

It is an offensive tool for Apache Struts 2 exploitation. The re...

9.8CVSS10AI score0.97399EPSS
Exploits15
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 4:29 a.m.42 views

Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)

Summary Fix is available for vulnerabilities in Apache Struts affecting Tivoli Netcool/OMNIbus WebGUI CVE-2019-0233, CVE-2019-0230. Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a...

9.8CVSS1.4AI score0.97399EPSS
Exploits15Affected Software1
Circl
Circl
added 2020/09/14 8:55 p.m.13 views

CVE-2019-0230

creationtimestamp| type| source ---|---|--- 2020-09-14 20:55:04+00:00| seen| https://t.me/cibsecurity/14642 2020-12-23 17:47:29+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts2multievalognl.rb 2021-01-10 20:25:14+00:00|...

9.8CVSS8.7AI score0.97399EPSS
Exploits15References7
Cvelist
Cvelist
added 2020/09/14 4:41 p.m.32 views

CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

9.7AI score0.97399EPSS
Exploits15References9
CVE
CVE
added 2020/09/14 4:41 p.m.482 views

CVE-2019-0230

CVE-2019-0230 affects Apache Struts 2.0.0–2.5.20 and is caused by forced double OGNL evaluation on raw user input in tag attributes, potentially enabling remote code execution. Reported impact is remote code execution with high severity (CVE CVSSv3 9.8). Mitigation documented in the sources inclu...

9.8CVSS9.5AI score0.97399EPSS
In wildExploits15References9Affected Software1
Atlassian
Atlassian
added 2020/09/14 1:58 a.m.51 views

CVE-2019-0230 - Apache Struts Potential Remote Code Execution Vulnerability [Confluence Server is not affected]

Atlassian Confluence Server and Data Center is not affected by CVE-2019-0230 Apache Struts Potential Remote Code Execution Vulnerability...

9.8CVSS4.5AI score0.97399EPSS
Exploits15
Rows per page
Query Builder