4 matches found
Design/Logic Flaw
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...
CVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution attacks. The vulnerability exists when expression literals, or forcing expression in Freemarker tags, are used as request values. The default Freemark configuration allows ObjectConstructor, Execurt, and freemarker.template.utility.JythonRuntime...
PT-2017-2794
Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.33 Apache Struts versions 2.5 through 2.5.10.1 Description The issue exists due to incorrect handling of Object Graph Navigation Language OGNL expressions. Exploitation may allow a remote attacker to...