Lucene search
K

5 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:33 p.m.226 views

K10506844: Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

Security Advisory Description CVE-2013-1966 Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. CVE-2013-2115 Apache Struts 2 before 2.3.14.2 allow...

9.3CVSS9.1AI score0.72778EPSS
Exploits12
Github Security Blog
Github Security Blog
added 2022/05/13 1:16 a.m.40 views

Code injection in Apache Struts

A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. both the s:url and s:a tag provide an includeParams attribute. The main scope of that attribute is to understand whether includes...

9.3CVSS1.8AI score0.72778EPSS
Exploits9References12Affected Software2
UbuntuCve
UbuntuCve
added 2013/07/10 7:55 p.m.37 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...

9.3CVSS7.3AI score0.71767EPSS
Exploits6References4
Prion
Prion
added 2013/07/10 7:55 p.m.34 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3CVSS7.5AI score0.72778EPSS
Exploits11References4Affected Software1
myhack58
myhack58
added 2013/05/22 12:0 a.m.19 views

Struts2 again broke arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

Summary Apache official struts2 products, recently out of a remote code execution vulnerability, the number“S2-0 1 3”, and is currently a 0DAY, the no official repair programme appears. http://struts.apache.org/development/2.x/docs/security-bulletins.html — (announcement) The official security...

1.9AI score
Exploits0
Rows per page
Query Builder