Lucene search
+L

4 matches found

prion
prion
added 2017/12/13 3:29 p.m.12 views

Design/Logic Flaw

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

6.8CVSS9.3AI score0.01873EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2017/12/13 3:29 p.m.21 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

9.6CVSS9.4AI score0.01873EPSS
Exploits1References3
veracode
veracode
added 2017/09/08 6:31 a.m.43 views

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution attacks. The vulnerability exists when expression literals, or forcing expression in Freemarker tags, are used as request values. The default Freemark configuration allows ObjectConstructor, Execurt, and freemarker.template.utility.JythonRuntime...

9.8CVSS9.6AI score0.99461EPSS
Exploits28References8Affected Software1
ptsecurity
ptsecurity
added 2017/09/05 12:0 a.m.6 views

PT-2017-2794

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.33 Apache Struts versions 2.5 through 2.5.10.1 Description The issue exists due to incorrect handling of Object Graph Navigation Language OGNL expressions. Exploitation may allow a remote attacker to...

9.8CVSS9.6AI score0.99461EPSS
Exploits28References29
Rows per page
Query Builder