Lucene search
K

281 matches found

Huawei
Huawei
added 2018/02/28 12:0 a.m.79 views

Security Advisory - Remote Code Execution Vulnerability in Jackson JSON library of Apache Struts2

Apache Struts2 released a remote code execution vulnerability in S2-055 on the official website. An attacker is possible to perform a Remote Code Execution RCE attack with a malicious JSON packet. Vulnerability ID: HWPSIRT-2017-12002 This vulnerability has been assigned a Common Vulnerabilities a...

9.8CVSS9.4AI score0.37925EPSS
Exploits7Affected Software4
Kitploit
Kitploit
added 2017/12/18 9:12 p.m.2091 views

JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. Requirements Python = 2.7.x urllib3 ipaddress Installation on Linux\Mac To install the latest version of JexBoss, please use the following commands: g...

9.8CVSS10AI score0.99999EPSS
Exploits45References3
Check Point Advisories
Check Point Advisories
added 2017/12/05 12:0 a.m.14 views

Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)

Vulnerability exists in Jackson data-bind library. This vulnerability is due to deserialization of untrusted data. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...

7.5CVSS6.6AI score0.49727EPSS
Exploits7
Veracode
Veracode
added 2017/12/04 1:11 a.m.24 views

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service DoS attacks. These attacks are possible through the use of a vulnerable version of the json-lib library. Attackers can trigger a DoS attack using a JSON payload which causes a memory leak to occur...

6.2CVSS6.6AI score0.04889EPSS
Exploits2References7Affected Software3
0day.today
0day.today
added 2017/12/02 12:0 a.m.55 views

Apache Struts2 S2-054 DoS Vulnerability

Exploit for multiple platform in category dos / poc Summary A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin Who should read this All Struts 2 developers and users which are using the REST plugin Impact of vulnerability A DoS attack is possible when usi...

5CVSS6.6AI score0.04889EPSS
Exploits2
0day.today
0day.today
added 2017/12/02 12:0 a.m.143 views

Apache Struts2 S2-055 DoS Vulnerability

Exploit for multiple platform in category dos / poc Summary Vulnerability in the Jackson JSON library Who should read this All Struts 2 developers and users which are using the REST plugin Impact of vulnerability Not clear, please read the linked issue for more details...

7.5CVSS9.4AI score0.37925EPSS
Exploits7
myhack58
myhack58
added 2017/09/11 12:0 a.m.57 views

Struts2 new flaws vulnerability bug(S2-052 presents the use case, and face the vulnerability flaws of the enterprise-the race against time-vulnerability warning-the black bar safety net

Prior to the black bar safety net it S2-052)vulnerabilities done in a special thematic report, I believe we also have understand! Recently from the Cisco Talos experimental study of the analysis chamber and NVISO laboratory for the research staff also found that there was an attacker of real use ...

7.2AI score
Exploits0
Veracode
Veracode
added 2017/09/08 6:31 a.m.42 views

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution attacks. The vulnerability exists when expression literals, or forcing expression in Freemarker tags, are used as request values. The default Freemark configuration allows ObjectConstructor, Execurt, and freemarker.template.utility.JythonRuntime...

9.8CVSS9.6AI score0.99461EPSS
Exploits28References8Affected Software1
Check Point Advisories
Check Point Advisories
added 2017/09/08 12:0 a.m.16 views

Apache Struts2 Freemarker Remote Code Execution (CVE-2017-12611)

A remote code execution vulnerability exists in the Apache Struts2 using Freemarker template engine. An attacker could exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in execution of arbitrary code on the affected system...

7.5CVSS3.8AI score0.8802EPSS
Exploits6
GithubExploit
GithubExploit
added 2017/09/07 8:49 a.m.11 views

Exploit for Deserialization of Untrusted Data in Apache Struts

Struts2 Vulnerability - CVE-2017-9805 Des...

8.1CVSS7.5AI score0.99461EPSS
Exploits23
pentestit
pentestit
added 2017/09/07 5:33 a.m.2275 views

S2-052: Apache Struts2 REST Plugin Payloads (CVE-2017-9805)

PenTestIT RSS Feed There is a saying making rounds now that "Apache Struts is like the WebGoat of all frameworks" and the current exploit which is being tracked under CVE-2017-9805 and the Apache Struts bulletin - S2-052 prooves just that. If you remember, I had covered another vulnerability a...

7.5CVSS9.7AI score0.99461EPSS
Exploits42
CNVD
CNVD
added 2017/09/07 12:0 a.m.7 views

Apache Struts2 S2-053 Remote Code Execution Vulnerability

Struts2 is the Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 suffers from a S2-053 remote code execution vulnerability that causes an attacker to remotely execute a code attack when a...

9.8CVSS10AI score0.8802EPSS
Exploits6References1
seebug.org
seebug.org
added 2017/09/07 12:0 a.m.137 views

Apache Struts2 S2-053 (CVE-2017-12611)

0x00 基本信息 漏洞编号:S2-053(CVE-2017-12611) 漏洞影响:远程代码执行 影响版本:Struts 2.0.1 -Struts 2.3.33, Struts 2.5 - Struts 2.5.10 漏洞修复:升级至最新版本 0x01 环境搭建 先用struts-2.3.33搭一个freemarker的简单项目(官方推荐的min-lib中就带了freemarker-2.3.22.jar,不用再额外去找了),就用漏洞公告里给的那个写法 运行后,未发现效果 表着急,我们用的是hidden,看看源代码 根据经验,应该是二次解析造成的漏洞,验证一下 0x02 构造POC...

7.5CVSS9.2AI score0.8802EPSS
Exploits6
Packet Storm
Packet Storm
added 2017/09/07 12:0 a.m.184 views

Apache Struts 2.5.12 XStream Remote Code Execution

Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 a Struts 2.5.12...

0.4AI score0.99461EPSS
Exploits23
myhack58
myhack58
added 2017/09/07 12:0 a.m.30 views

Struts2 S2-052(CVE-2017-9805)remote code execution vulnerability bug research-vulnerability warning-the black bar safety net

Struts2 S2-052 remote code perform vulnerability bug and the previous Struts2 vulnerability bug there is a difference, S2-052 operating the Java deserialization cracks, rather than reputation notorious ognl in. The flaws of the trigger point is the REST plug-in to parse begged in the xml file, ca...

0.9AI score0.99461EPSS
Exploits23
CNVD
CNVD
added 2017/09/06 12:0 a.m.7 views

Apache Struts2 REST plugin remote code execution vulnerability

Struts2 is the Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 REST plugin has a remote code execution vulnerability , due to the use of XStream component on the XML format of the packe...

8.1CVSS8.5AI score0.99461EPSS
Exploits23References1
myhack58
myhack58
added 2017/09/06 12:0 a.m.83 views

Apache Struts2–052 vulnerability research alert-vulnerability warning-the black bar safety net

The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type of filtering and this can lead to Remote Code Execution when deserializing XML payloads. - The Apache Struts civil peace Bulletinreference 1 2017 9 5 March, the Apache Struts announcement of...

0.4AI score0.99461EPSS
Exploits23
Veracode
Veracode
added 2017/09/05 11:7 p.m.40 views

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service DoS attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...

7.5CVSS8.1AI score0.99461EPSS
Exploits23References8Affected Software1
Veracode
Veracode
added 2017/09/05 9:13 p.m.37 views

Regular Expression Denial Of Service (ReDoS)

struts2-core and xwork-core are vulnerable to regular expression denial of service ReDoS attacks. When the URLValidator is used it is possible to overload the server process through an attacker controlled URL. These attacks are as a result of an incomplete fix for CVE-2017-7672...

7.5CVSS7.4AI score0.99461EPSS
Exploits23References8Affected Software2
Veracode
Veracode
added 2017/09/05 8:51 p.m.10 views

Remote Code Execution (RCE)

struts2-rest-plugin is vulnerable to remote code execution RCE attacks. The vulnerability exists as XStream objects are being deserialized without any type filtering...

8.1CVSS7.8AI score0.99461EPSS
Exploits23References15Affected Software1
Rows per page
Query Builder