Lucene search

K

New Struts2 Remote Code Execution exploit caught in the wild

🗓️ 09 Mar 2017 00:54:15Reported by WallarmType 
wallarmlab
 wallarmlab
🔗 lab.wallarm.com👁 1744 Views

New Struts2 Remote Code Execution exploit in the wild, using OGNL macroses to construct and call shell commands, first exploit caught on Mar 8, 03:34 am, update to Struts 2.3.32 or Struts 2.5.10.1, apply virtual patch to WA

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)
29 Mar 202301:48
ibm
IBM Security Bulletins
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)
26 Sep 202222:21
ibm
IBM Security Bulletins
Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)
18 Jun 201801:24
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.
16 Jun 201819:34
ibm
IBM Security Bulletins
Security Bulletin:Sterling Web Channel is affected by Apache Struts 2 security vulnerabilities (CVE-2013-4310, CVE-2013-4316, CVE-2013-2251, CVE-2013-2248, CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966, CVE-2013-1965)
16 Jun 201819:37
ibm
IBM Security Bulletins
Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.
12 Apr 202417:35
ibm
IBM Security Bulletins
Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.
12 Apr 202417:44
ibm
IBM Security Bulletins
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
14 Sep 202217:37
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)
14 Sep 202217:45
ibm
IBM Security Bulletins
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2016-3093
30 Aug 202216:40
ibm
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Mar 2017 00:15Current
0.3Low risk
Vulners AI Score0.3
EPSS0.94328
1744
.json
Report