Lucene search
K

100 matches found

OSV
OSV
added 2022/05/14 2:55 a.m.26 views

GHSA-9CCM-G362-2R35 XWork in Apache Struts Reveals Sensitive Information

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

5CVSS7.2AI score0.0614EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/05/14 2:55 a.m.8 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +58 more potentially affected by CVE-2011-2088 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.1.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.7-incubating, =2.2.1.11, =2.2.1, =2.2.1.1 and more Source cves: CVE-2011-2088 Source advisory: OSV:GHSA-9CCM-G362-2R35...

5CVSS5.8AI score0.0614EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 1:57 a.m.9 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2134 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more Source cves: CVE-2013-2134 Source advisory: OSV:GHSA-GQQM-564F-VVXQ...

9.3CVSS7.2AI score0.70211EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/14 1:57 a.m.5 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2135 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more Source cves: CVE-2013-2135 Source advisory: OSV:GHSA-PW8R-X2QM-3H5M...

9.3CVSS7.2AI score0.13828EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 1:51 a.m.4 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0838 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0838 Source advisory: OSV:GHSA-MWRX-HX6X-3HHV...

10CVSS7.2AI score0.1388EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 12:54 a.m.5 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +167 more potentially affected by CVE-2014-0094 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.16.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =1.2.0, =1.0.0, =1.0.3, =1.2.2, =1.4.1, =3.0, =1.7.3, =1.7.3, =1.7.4 and more Source cves: CVE-2014-0094 Source advisory: OSV:GHSA-VRWC-QJMW-5RJM...

5CVSS7.2AI score0.99614EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2022/05/14 12:54 a.m.7 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-1966 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-1966 Source advisory: OSV:GHSA-737W-MH58-CXJPhttps://vulners.com/osv/OSV:GHSA-737W...

9.3CVSS7.2AI score0.71767EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/13 1:16 a.m.7 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-2115 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-2115 Source advisory: OSV:GHSA-7GHM-RPC7-P7G5https://vulners.com/osv/OSV:GHSA-7GHM...

9.3CVSS7.2AI score0.72778EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2022/05/04 12:29 a.m.5 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +194 more potentially affected by CVE-2012-0394 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.16.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.1, =3.0, =5.0.1 - com.googlecode.s2rome:struts2-rome-plugin =0.3 and more Source cves: CVE-2012-0394 Source advisory: OSV:GHSA-HMVJ-GC9Q-MG9P...

6.8CVSS7.2AI score0.74405EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2022/05/04 12:29 a.m.7 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0393 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0393 Source advisory: OSV:GHSA-HXQQ-W4MR-MC62...

6.4CVSS7.2AI score0.38261EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/04 12:29 a.m.11 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0391 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0391 Source advisory: OSV:GHSA-4WRR-9H5R-M92W...

9.8CVSS7.1AI score0.75071EPSS
Exploits11
vulnersOsv
vulnersOsv
added 2022/05/04 12:29 a.m.4 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0392 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0392 Source advisory: OSV:GHSA-2PPP-XJ34-VVF7...

6.8CVSS7.2AI score0.96787EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/01 6:24 p.m.12 views

com.google.code.struts2webflow:struts2webflow-parent (=1.0.4), com.google.code.struts2webflow:struts2webflow-plugin (=1.0.4) +23 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=2.0.0 <=2.0.3)

opensymphony:xwork MAVEN version =2.0.0, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.8 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

6.8CVSS5.8AI score0.25749EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/01 6:24 p.m.4 views

berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=20050725.114415 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)

opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =20050725.114415, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

6.8CVSS5.4AI score0.25749EPSS
Exploits0
OSV
OSV
added 2022/05/01 6:24 p.m.15 views

GHSA-H7MF-QRM9-2848 OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...

6.8CVSS6.2AI score0.25749EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/01 6:24 p.m.20 views

OpenSymphony XWork vulnerable to improper input validation

XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...

6.8CVSS7.3AI score0.25749EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2018/11/12 6:20 a.m.15 views

Denial Of Service (DoS)

OpenSymphony XWork is vulnerable to denial of service. Object-Graph Navigation Language OGNL expressions are recursively evaluated when altSyntax is enabled. A remote attacker is able to submit a crafted input to cause an infinite loop which results in a denial of service condition. This...

6.8CVSS6.9AI score0.25749EPSS
Exploits0References15Affected Software1
Veracode
Veracode
added 2018/11/09 5:25 a.m.22 views

Unauthorized OGNL Execution

xwork is vulnerable to unauthorized OGNL execution attacks. The vulnerability exists due to the lack of sanitization of user input, allowing \u0023 to be used as interpreted as to allow OGNL statements to be executed...

5CVSS6.2AI score0.394EPSS
Exploits1References12Affected Software1
Veracode
Veracode
added 2017/09/05 11:7 p.m.40 views

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service DoS attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...

7.5CVSS8.1AI score0.99461EPSS
Exploits23References8Affected Software1
Veracode
Veracode
added 2017/09/05 9:13 p.m.37 views

Regular Expression Denial Of Service (ReDoS)

struts2-core and xwork-core are vulnerable to regular expression denial of service ReDoS attacks. When the URLValidator is used it is possible to overload the server process through an attacker controlled URL. These attacks are as a result of an incomplete fix for CVE-2017-7672...

7.5CVSS7.4AI score0.99461EPSS
Exploits23References8Affected Software2
Rows per page
Query Builder