CVSS: 6.8EPSS: 97%CPEs: 1EXPL: 3CVE-2012-0392 – Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. El componente CookieInterceptor en Apache Struts antes de v2.3.1.1 no utiliza una lista blanca de nombres de parámetros, lo que permite a atacantes remotos ejecutar código de su elección a través de una cabecera de una Cookie HTTP debidamente modificada que desencadena la ejecución de código Java a través de un método estático. • https://www.exploit-db.com/exploits/18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://secunia.com/advisories/47393 http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://www.exploit-db.com/exploits/18329 https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt •
CVSS: 6.4EPSS: 93%CPEs: 1EXPL: 4CVE-2012-0393 – Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. El componente ParameterInterceptor en Apache Struts antes de la versión v2.3.1.1 no impide el acceso a los constructores públicos, lo que permite a atacantes remotos crear o sobreescribir archivos de su elección a través de un parámetro debidamente modificado que desencadena la creación de un objeto Java. • https://www.exploit-db.com/exploits/18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://secunia.com/advisories/47393 http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://www.exploit-db.com/exploits/18329 https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 28EXPL: 1CVE-2011-2087
https://notcve.org/view.php?id=CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en los controladores de componente en el plugin javatemplates (también conocido como plantillas de Java) en Apache Struts v2.x antes de v2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un valor de parámetro arbitrario a .action URI, relacionado con a una manipulación incorrecta del valor de los atributos en un (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler. Java, (7) SubmitHandler.java y (8) TextFieldHandler.java. • http://struts.apache.org/2.2.3/docs/version-notes-223.html http://www.vupen.com/english/advisories/2011/1198 https://issues.apache.org/jira/browse/WW-3597 https://issues.apache.org/jira/browse/WW-3608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 30EXPL: 5CVE-2011-1772 – Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en XWork en Apache Struts v2.x anterior a v2.2.3, y OpenSymphony XWork en OpenSymphony WebWork, permite a atacantes remotos inyectar código web script o HTML a través de vectores que implican (1) un "action name", (2) la acción atributo de un elemento "s:submit", o (3) el atributo del método del elemento "s:submit". Apache Struts 2 framework before version 2.2.3 is vulnerable to reflected cross site scripting attacks when default XWork generated error messages are displayed. • https://www.exploit-db.com/exploits/35735 http://jvn.jp/en/jp/JVN25435092/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106 http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html http://struts.apache.org/2.2.3/docs/version-notes-223.html http://struts.apache.org/2.x/docs/s2-006.html http://www.securityfocus.com/bid/47784 http://www.ventun • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 6%CPEs: 26EXPL: 3CVE-2010-1870 – Apache Struts < 2.2.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. La capacidad OGNL extensive expression evaluation en XWork de Struts v2.0.0 hasta v2.1.8.1, como el usado en Atlassian Fisheye, Crucible,y posiblemente otros productos, usa una lista blanca permisiva, la cual permite a atacantes remotos modificar los objetos del contexto del lado del servidor y evitar el mecanismo de protección "#" en ParameterInterceptors a través de (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, y posiblemente otras variables de contexto OGNL, una vulnerabilidad diferente de CVE-2008-6504. Struts2/XWork suffers from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/17691 https://www.exploit-db.com/exploits/14360 http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16 http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2010/Jul/183 http://seclists.org/fulldisclosure/2020/Oct/23 http://secunia.com/advisories/59110 http://securityreason.com/secu •