2 matches found
Apache Struts2 Struts1_Plugin Remote Code Execution (CVE-2017-9791)
A remote code execution vulnerability exists in the Apache Struts2 using Struts1 plugin. An attacker can leverage this vulnerability by sending a crafted HTTP request to a target system. Successful exploitation could result in execution of arbitrary code on the affected system...
Remote Code Execution (RCE)
struts2-struts1-plugin is vulnerable to remote code execution RCE attacks. These attacks are possible because the user input are not sanitized and are directly passed through messages.add to be used as a part of an error message in the ActionMessage class. This doesn't affect users of the Struts...