47 matches found
Ubuntu 16.04 ESM / 18.04 ESM : Apache Commons BeanUtils vulnerabilities (USN-4766-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4766-1 advisory. It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause ...
Debian: Security Advisory (DLA-292-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K40444230: Apache Struts 1 vulnerability CVE-2016-1181
Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue ...
K04403302: Apache Struts 1 vulnerability CVE-2016-1182
Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
Improper Input Validation in Apache Struts
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
Mageia: Security Advisory (MGASA-2016-0244)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service DoS...
Arbitrary code execution in Apache Commons BeanUtils
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator (CVE-2014-0114)
Summary Apache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacke...
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0114)
Summary Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability by using the class parameter of an ActionForm object to manipulate the ClassLoade...
Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)
Summary A class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition Vulnerability Details This security vulnerability is fixed with available interim fixes and are...
Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2014-0114)
Summary There is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository v6.2, v6.3, v7.0 and v7.5. Vulnerability Details This vulnerability is fixed within WebSphere Application...
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This module exploits a remote code execution vulnerability in t...
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This module exploits a remote code execution vulnerability in t...
Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)
Binary data oraclewebcenterportalcpujan2018.nbin...
Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE
Remote command execution vulnerability in Apache Struts 2 Struts 1 plugin ActionMessage class error message input handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache Struts 2.3.x Struts 1 plugin RCE (remote)
The Struts 1 plugin in Apache Struts 2.3.x is affected by a remote code execution vulnerability via a malicious field value passed in a raw message to the ActionMessage class. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2017-9791: Analysis of RCE in the Struts Showcase App in Struts 1 Plugin
On July 7th, a new security vulnerability was published in Apache Struts 2 CVE-2017-9791 S2-0481. Struts 2.3.x users with Struts 1 plugin, which includes the Showcase app, are vulnerable. Once again, this vulnerability enables a Remote Code Execution RCE, which is the most commonly exploited Apac...
Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)
The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An...