46 matches found

OSV
added 2021/05/07 3:53 p.m. | 0 views

GHSA-72W9-FCJ5-3FCG Improper Authentication in Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In Apache Shiro before 1.5.3, when Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | AI score 7.2 | EPSS 0.84744
Exploits: 1 | References: 10

CNVD
added 2021/04/27 12:0 a.m. | 29 views

Vaadin flow path traversal vulnerability

Vaadin flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A path traversal vulnerability exists in vaadin: flow-server versions 2.0.0 through 2.4.1, which can be exploited by an...

CVSS 7.5 | AI score 6.5 | EPSS 0.00551
Exploits: 0 | References: 1

CNVD
added 2021/04/27 12:0 a.m. | 15 views

Vaadin flow has an unspecified vulnerability

Vaadin flow is an application. The Vaadin platform is a Java framework for building modern websites that look good, perform well and keep you and your users happy. vaadin: flow-server versions 3.0.0 through 5.0.3 have a security vulnerability that can be exploited by attackers to guess the security token ...

CVSS 4 | AI score 2.8 | EPSS 0.00054
Exploits: 0 | References: 1

CNVD
added 2021/04/26 12:0 a.m. | 21 views

Vaadin flow resource management error vulnerability

Vaadin flow is an application. The Vaadin platform is a Java framework for building modern websites that look good, perform well and delight you and your users. vaadin: vaadin-text-field-flow versions 2.0.4 through 2.3.2 are vulnerable to resource management errors, which can be exploited by attackers to ...

CVSS 7.5 | AI score 3.1 | EPSS 0.00468
Exploits: 0 | References: 1

CNVD
added 2020/12/16 12:0 a.m. | 2 views

File upload vulnerability in jfinal

jfinal is an extremely fast WEB + ORM framework based on the Java language. jfinal has a file upload vulnerability that can be exploited by an attacker to gain control of the server...

AI score 7.4
Exploits: 0

CNVD
added 2020/02/13 12:0 a.m. | 2 views

Apache Dubbo Deserialization Vulnerability

Apache Dubbo is a Java-based high-performance RPC framework. Apache Dubbo has a deserialization vulnerability that can be exploited by an attacker to execute code...

CVSS 9.8 | AI score 9.2 | EPSS 0.94048
Exploits: 2 | References: 1

CNVD
added 2019/12/05 12:0 a.m. | 1 views

Unspecified Vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java J2EE-Framework that can be...

CVSS 8.8 | AI score 6.8 | EPSS 0.00434
Exploits: 0 | References: 1

Tenable Nessus
added 2019/09/26 12:0 a.m. | 26 views

Apache Struts 2.3.20 < 2.3.29 / 2.5.x < 2.5.13 Denial of Service Vulnerability (S2-041)

The version of Apache Struts running on the remote Windows host is 2.3.20 prior to 2.3.29 or 2.5.x prior to 2.5.13. It is, therefore, affected by a denial of service vulnerability in URLValidator due to improper handling of form fields. An unauthenticated, remote attacker can exploit this, via a crafted...

CVSS 5.3 | AI score 6.4 | EPSS 0.10357
Exploits: 0 | References: 2

Tenable Nessus
added 2019/09/13 12:0 a.m. | 56 views

Apache Struts 2.x < 2.3.14.3 Remote Code Execution Vulnerability (S2-012)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability in the ParameterInterceptor class due to improper handling of user-supplied input data. An unauthenticated, remote attacker could exploit this...

CVSS 9.3 | AI score 8.6 | EPSS 0.91789
Exploits: 1 | References: 2

Tenable Nessus
added 2018/09/11 12:0 a.m. | 79 views

Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.2. It, therefore, is affected by multiple Dynamic Method Invocation (DMI) vulnerabilities as DMI is enabled by default. Note that Nessus has not tested for these issues but has instead relied only on the application's...

CVSS 10 | AI score 5.8 | EPSS 0.06168
Exploits: 1 | References: 2

Tenable Nessus
added 2018/09/10 12:0 a.m. | 145 views

Apache Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.1. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and an open redirect vulnerability. Note that Nessus has not tested for these issues but has instead relied...

CVSS 9.8 | AI score 7.8 | EPSS 0.94325
Exploits: 20 | References: 4

RedHat Linux
added 2018/08/28 7:21 p.m. | 0 views

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVSS 7.4 | AI score 7.2 | EPSS 0.00582
Exploits: 0 | References: 4

0day.today
added 2018/05/29 12:0 a.m. | 70 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications. Exploit Title: Pivotal Spring Java Framework | Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development | CVE: CVE-2018-1270 | Version: = 5.0.x | Description: By connecting...

CVSS 7.5 | AI score 0.7 | EPSS 0.89954
Exploits: 5

Exploit DB
added 2018/05/29 12:0 a.m. | 220 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution

Pivotal Spring Java Framework | Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development | CVE: CVE-2018-1270 | Version: = 5.0.x | Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...

CVSS 9.8 | AI score 0.4 | EPSS 0.89954
Exploits: 5

Tenable Nessus
added 2017/07/11 12:0 a.m. | 149 views

Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)

The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An...

CVSS 9.8 | AI score 8.6 | EPSS 0.94127
Exploits: 41 | References: 2

Tenable Nessus
added 2016/12/15 12:0 a.m. | 28 views

Apache Struts 2.5.x < 2.5.13 URLValidator Form Field Handling Remote DoS (S2-044)

The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.13. It is, therefore, affected by a denial of service vulnerability in the URLValidator class due to improper handling of user-supplied input to the form field. An unauthenticated, remote attacker can exploit this, via ...

CVSS 5.9 | AI score 6 | EPSS 0.01107
Exploits: 0 | References: 2

OpenVAS
added 2016/03/31 12:0 a.m. | 24 views

Debian Security Advisory DSA 3536-1 (libstruts1.2-java - security update)

It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. OpenVAS Vulnerability Test $Id: deb3536.nasl 6608 2017-07-07 12:05:05Z cfischer $...

CVSS 5 | AI score 0.4 | EPSS 0.69459
Exploits: 0 | References: 1

OSV
added 2016/03/31 12:0 a.m. | 8 views

DSA-3536-1 libstruts1.2-java - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.6 | EPSS 0.69459
Exploits: 0

Japan Vulnerability Notes
added 2015/09/04 12:0 a.m. | 35 views

JVN#88408929: Apache Struts vulnerable to cross-site scripting

Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Impact: An arbitrary script may be executed on the user's Internet Explorer when the...

CVSS 6.1 | AI score 6.2 | EPSS 0.00992
Exploits: 0

Tenable Nessus
added 2015/05/15 12:0 a.m. | 29 views

Apache Struts 2.3.20 Incorrect Default Exclude Pattern (S2-024)

The remote web server is using Apache Struts version 2.3.20. It is, therefore, affected by an issue where the default exclude patterns are incorrect when using default settings. This allows a remote attacker to impact the internal application's state. Note that Nessus has not tested for this issu...

CVSS 7.5 | AI score 5.5 | EPSS 0.04514
Exploits: 0 | References: 2