14 matches found
CVE-2025-68493 impact on Bamboo
h3. Issue Summary Impact of CVE-2025-68493 in Bamboo https://cwiki.apache.org/confluence/display/WW/S2-069 Parsing of XML configuration in the XWork component does not validate XML properly and is vulnerable to XML external entity (XXE) injection. h3. Steps to Reproduce ||Impact of...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
This is a Proof of Concept (PoC) for CVE-2023-50164 https://nv...
SUSE CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
SUSE CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if a developer has set...
SUSE CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3)...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), net.sf.fastupload:fastupload-core (=0.4.7) +25 more potentially affected by CVE-2008-6505 via org.apache.struts:struts2-core (=2.1.2)
org.apache.struts:struts2-core MAVEN version =2.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts2-core and may be impacted: - br.net.woodstock.rockframework:rockframework-web =1.2.1, =1.2.2 - net.sf.fastupload:fastupload-cor...
GHSA-9848-V244-962P Withdrawn Advisory: Apache Struts XSS
Withdrawn Advisory: This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. Original Description: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML...
VulnCheck KEV: CVE-2012-0391
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...
Apache Struts Remote Code Execution Vulnerability (CNVD-2017-32355)
Apache Struts is an open source project maintained by the Apache Software Foundation (United States). It is an open source MVC framework for creating enterprise-class Java Web applications, and is mainly provided in two versions, Struts 1 and Struts 2...
SOL04403302 - Apache Struts 1 vulnerability CVE-2016-1182
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
1: Class Loader manipulation via request parameters
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Moderate: Red Hat Security Advisory: struts security update for Red Hat Application Server
An updated Struts package that fixes several security issues is now available for Red Hat Application Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Struts is a framework for building web applications with Java. A validation bug was...
Low: Red Hat Security Advisory: struts security update for Red Hat Application Server
Updated Red Hat Application Server components are now available including a security update for Struts. This update has been rated as having low security impact by the Red Hat Security Response Team. Red Hat Application Server packages provide a J2EE Application Server and Web container as well a...