Struts2远程代码执行漏洞（S2-033）

参考来源：绿盟科技 影响的版本 Struts 2.3.20 – Struts 2.3.28 不包括 2.3.20.3和 2.3.24.3。 不受影响的版本 Struts 2.3.20.3、 2.3.24.3 或者 2.3.28.1。 编者注： 2.3.28.1版本默认不启用"enableOGNLEvalExpression", 当存在以下配置时可触发该漏洞 漏洞分析 经过对Apache Struts2版本进行回溯，发现修复S2-033的代码和S2-032的代码基本相同。 根据官方描述修复S2-032漏洞是在Struts...

chromium-browser: out-of-bounds read in v8

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

SRC-2017-0011 : Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

SRC-2017-0017 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload IctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

SRC-2017-0009 : Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

SRC-2017-0020 : Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

UBUNTU-CVE-2016-1688

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

CVE-2016-1688

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

pcre: Buffer overflow caused by duplicate named references (8.38/36)

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)

PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

Regular Expression Denial of Service

Overview Affected versions of minimatch are vulnerable to regular expression denial of service attacks when user input is passed into the pattern argument of minimatchpath, pattern. Proof of Concept var minimatch = require“minimatch”; // utility function for generating long strings var genstr =...

CentOS 7 : pcre (CESA-2016:1025)

An update for pcre is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

Regular Expression Denial of Service

Overview Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value. Recommendation Update to version 0.6.1 or later. References GitHub Advisory...

Attention! Struts 2 s2-0 3 2 remote code is again a wave of black rhythm-vulnerability warning-the black bar safety net

1. Description: Struts 2 is the Struts of the next generation of products, is in the struts 1 and WebWork technology based on a merge of the new Struts 2 framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the...

Joyent Node.js marked denial of service vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. marked is a Markdown parser and compiler. A denial of service vulnerability exists in Joyent Node.js marked, which allows remote attackers to conduct denial of service attacks by submitting a specially...

Regular Expression Denial Of Service

Overview Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse method. Recommendation Update to v3.0.0 or later. References - Issue 12 - GitHub Advisory...

CVE-2016-2515

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service CPU consumption or partial outage via a long 1 header or 2 URI that is matched against an improper regular expression...

Input validation

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service CPU consumption or partial outage via a long 1 header or 2 URI that is matched against an improper regular expression...