Lucene search
K

30 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/03 12:0 a.m.85 views

F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...

9.8CVSS8.1AI score0.95922EPSS
Exploits16References3
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.206 views

K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

Security Advisory Description CVE-2020-17530 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Stru...

9.8CVSS9.1AI score0.95922EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 8:1 a.m.34 views

Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allo...

9.8CVSS0.6AI score0.95922EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 8:0 a.m.43 views

Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allo...

9.8CVSS0.6AI score0.95922EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/09 7:30 a.m.34 views

Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allo...

9.8CVSS0.6AI score0.95922EPSS
Exploits11Affected Software1
Saint
Saint
added 2022/04/26 12:0 a.m.157 views

Apache Struts forced OGNL evaluation incomplete fix

Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

9.8CVSS10AI score0.95922EPSS
Exploits11
Saint
Saint
added 2022/04/26 12:0 a.m.219 views

Apache Struts forced OGNL evaluation incomplete fix

Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

9.8CVSS10AI score0.95922EPSS
Exploits11
Veracode
Veracode
added 2022/04/13 4:46 a.m.102 views

Remote Code Execution (RCE)

Apache Struts is vulnerable to remote code execution. The vulnerability exists due to an incomplete fix of CVE-2020-17530 which is double evaluation if OGNL is used, allowing an attacker to inject maliciously crafted script via the %... syntax within the Struts tag...

9.8CVSS4.1AI score0.95922EPSS
Exploits16References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.71 views

Expression Language Injection in Apache Struts

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS2.1AI score0.95922EPSS
Exploits16References6Affected Software1
OpenVAS
OpenVAS
added 2022/04/13 12:0 a.m.31 views

Apache Struts Security Update (S2-062) - Version Check

Apache Struts is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

9.8CVSS9.9AI score0.95922EPSS
Exploits16References5
UbuntuCve
UbuntuCve
added 2022/04/12 4:15 p.m.37 views

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS7.2AI score0.85315EPSS
Exploits16References3
vulnersOsv
vulnersOsv
added 2022/02/09 10:51 p.m.5 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2020-17530 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.25)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2020-17530 Source advisory: OSV:GHSA-JC35-Q369-45PV...

9.8CVSS6.9AI score0.95922EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2021/07/06 12:0 a.m.172 views

Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)

The version of Apache Struts installed on the remote host is prior to 2.5.26. It is, therefore, affected by a vulnerability as referenced in the S2-061 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

9.8CVSS7.6AI score0.95922EPSS
Exploits11References2
OpenVAS
OpenVAS
added 2021/04/22 12:0 a.m.39 views

Apache Struts Security Update (S2-061) - Active Check

Apache Struts is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.95922EPSS
Exploits11References4
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/22 1:6 p.m.32 views

Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-20336, CVE-2020-17530)

Summary Fix is available for multiple vulnerabilities affecting Tivoli Netcool/OMNIbus WebGUI CVE-2021-20336, CVE-2020-17530. Vulnerability Details CVEID: CVE-2021-20336 DESCRIPTION: IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to emb...

9.8CVSS1.8AI score0.95922EPSS
Exploits11Affected Software1
Atlassian
Atlassian
added 2021/02/22 11:35 a.m.69 views

Update Apache Struts 2 to avoid CVE-2020-17530

Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...

9.8CVSS2.1AI score0.95922EPSS
Exploits11
Atlassian
Atlassian
added 2021/02/22 11:35 a.m.100 views

Update Apache Struts 2 to avoid CVE-2020-17530

Update Apache Struts to 2.5.26 to avoid CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061...

9.8CVSS2.1AI score0.95922EPSS
Exploits11Affected Software1
GithubExploit
GithubExploit
added 2021/01/24 7:51 a.m.79 views

Exploit for Expression Language Injection in Apache Struts

CVE-2020-17530-s2-061 s2-061 graphical interface, only for f...

9.8CVSS7AI score0.95922EPSS
Exploits11
Rapid7 Blog
Rapid7 Blog
added 2021/01/08 7:54 p.m.421 views

Metasploit Wrap-Up

Struts2 Multi Eval OGNL RCE Our very own zeroSteiner added exploit/multi/http/struts2multievalognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times CVE-2019-0230 and CVE-2020-17530. The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...

10CVSS9.4AI score0.97822EPSS
Exploits46
GithubExploit
GithubExploit
added 2020/12/30 5:23 p.m.81 views

Exploit for Expression Language Injection in Apache Struts

CVE-2020-17530 Quick POC for CVE-2020-17530https://nvd.nis...

9.8CVSS9.7AI score0.95922EPSS
Exploits11
Rows per page
Query Builder