Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

Saint
Saintadded 2010/08/05 12:0 a.m.45 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saintadded 2010/08/05 12:0 a.m.66 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saintadded 2010/08/05 12:0 a.m.41 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saintadded 2010/08/05 12:0 a.m.29 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
seebug.org
seebug.orgadded 2008/11/06 12:0 a.m.37 views

XWork 'ParameterInterceptor'类OGNL安全绕过漏洞

BUGTRAQ ID: 32101 CNCAN ID:CNCAN-2008110505 XWork是一款命令模式框架,用于支持Struts 2及其他应用。 XWork存在设计问题,远程攻击者可以利用漏洞绕过安全限制,操作服务端上下文对象。 XWork ParametersInterceptor实现存在安全绕过问题,OGNL是复杂的语言提供大量特性,如使用表达式评估: http://www.ognl.org/2.6.9/Documentation/html/LanguageGuide/expressionEvaluation.html...

6.9AI score
Exploits0
exploitpack
exploitpackadded 2008/11/04 12:0 a.m.14 views

XWork 2.0.11.2 - ParameterInterceptor Class OGNL Security Bypass

XWork 2.0.11.2 - ParameterInterceptor Class OGNL Security Bypass source: https://www.securityfocus.com/bid/32101/info XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context...

7.4AI score
Exploits0
Rows per page
Query Builder