19 matches found
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677: Apache Struts path traversal to RCE vulnerabil...
SUSE CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677 - Apache Struts 2 Remote Code Execution Vulnerabi...
Upgrade Struts to avoid false-positive scanner warnings about CVE-2024-53677
h3. Issue Summary Recent CVE-2024-53677 at Struts triggers vulnerability scanners warning. panel:title=Bamboo is not affected Supported versions of Bamboo 9.2+, 9.6+, 10.2+ are not affected because FileUploadInterceptor doesn't handle uploaded files. panel h3. Steps to Reproduce See WEB-INB/lib...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
Disclaimer Do not use the related technologies described in...
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
đ¨đ¨ CVE-2024-53677-S2-067 đ¨đ¨ Security Notice: CVE-2024-53677...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
Source of POC https://y4tacker.github.io/2024/12/16/year/2024/...
Apache Struts 2.0.0 <=> 2.3.37(EOL) / 2.5.0 <=> 2.5.33 / 6.0.0 <=> 6.3.0.2 Remote Code Execution (S2-067)
The version of Apache Struts installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the S2-067 advisory. - File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
đ¨đ¨ CVE-2024-53677-S2-067đ¨đ¨ Security Advisory: CVE-2024-53677 â...
CVE-2024-53677
A flaw was found in Apache Struts. Affected versions of this package are vulnerable to remote code execution RCE via manipulation of the file upload mechanism that enables path traversal. Under certain conditions, uploading a malicious file is possible and may then be executed on the server...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
s2-067-CVE-2024-53677 s2-067CVE-2024-53677 Summary File uplo...
Apache Struts Security Update (S2-067)
Apache Struts is prone to a file upload logic vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +330 more potentially affected by CVE-2024-53677 via org.apache.struts:struts2-core (>=2.0.5 <=6.3.0.2)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.9, =1.2, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2024-53677 Source advisory: OSV:GHSA-43MQ-6XMG-29VM...
CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
CVE-2024-53677
creationtimestamp| type| source ---|---|--- 2024-12-11 15:43:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113634953112650669 2024-12-11 17:44:47+00:00| seen| https://t.me/cvedetector/12636 2024-12-11 21:07:18+00:00| seen|...
CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
CVE-2024-53677 Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...