4 matches found
CVE-2008-6504
CVE-2008-6504 affects OpenSymphony XWork (ParameterInterceptor) used in Apache Struts: OGNL refs to # context objects are not properly restricted, enabling remote OGNL evaluation and modification of server-side objects. Affected: XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2; vulnerability ...
CVE-2007-4556
OpenSymphony XWork (used by WebWork and Apache Struts) before 1.2.3, and 2.x before 2.0.4, evaluates inputs as OGNL expressions when altSyntax is enabled. The underlying issue is recursive OGNL processing, which can lead to a denial of service (infinite loop) and, in some cases, remote code execu...
CVE-2011-1772
CVE-2011-1772 is a cross-site scripting (XSS) vulnerability affecting Apache Struts 2.x (XWork) and OpenSymphony WebWork, with XWork error page generation failing to escape certain inputs. The issue arises from improper validation of user-supplied input when generating the action name for error p...
CVE-2011-2088
CVE-2011-2088 affects XWork (Apache Struts 2.2.1 / OpenSymphony XWork) where XWork-generated error pages could reveal internal Java class path information via an s:submit element and a nonexistent method. This is tied to the CVE-2011-1772 family and is described as a separate vulnerability relate...