Lucene search

New Struts2 Remote Code Execution exploit caught in the wild

🗓️ 09 Mar 2017 00:54:15Reported by WallarmType

New Struts2 Remote Code Execution exploit in the wild, using OGNL macroses to construct and call shell commands, first exploit caught on Mar 8, 03:34 am, update to Struts 2.3.32 or Struts 2.5.10.1, apply virtual patch to WA

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
IBM Security Bulletins	Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)	26 Sep 202222:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)	18 Jun 201801:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.	16 Jun 201819:34	–	ibm
IBM Security Bulletins	Security Bulletin:Sterling Web Channel is affected by Apache Struts 2 security vulnerabilities (CVE-2013-4310, CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966, CVE-2013-1965)	16 Jun 201819:37	–	ibm
IBM Security Bulletins	Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.	12 Apr 202417:35	–	ibm
IBM Security Bulletins	Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.	12 Apr 202417:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:45	–	ibm
IBM Security Bulletins	Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2016-3093	30 Aug 202216:40	–	ibm

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Mar 2017 00:15Current

0.3Low risk

Vulners AI Score0.3

EPSS0.94328