CVE-2012-0391 – Apache Struts 2 Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. El componente ExceptionDelegator en Apache Struts antes de v2.2.3.1 interpreta los valores de los parámetros como expresiones OGNL durante el manejo de determinadas excepciones en tipos de datos de propiedades no coincidentes, lo que permite a atacantes remotos ejecutar código Java a través de un parámetro especificamente modificado para tal fin. The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/18984 https://www.exploit-db.com/exploits/18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://secunia.com/advisories/47393 http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://www.exploit-db.com/exploits/18329 https://issues.apache.org/jira/browse/WW-3668 https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt • CWE-20: Improper Input Validation •
CVE-2012-0393 – Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. El componente ParameterInterceptor en Apache Struts antes de la versión v2.3.1.1 no impide el acceso a los constructores públicos, lo que permite a atacantes remotos crear o sobreescribir archivos de su elección a través de un parámetro debidamente modificado que desencadena la creación de un objeto Java. • https://www.exploit-db.com/exploits/18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://secunia.com/advisories/47393 http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://www.exploit-db.com/exploits/18329 https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0394 – Apache Struts - Developer Mode OGNL Execution
https://notcve.org/view.php?id=CVE-2012-0394
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself. ** CUESTIONADA ** El componente DebuggingInterceptor en Apache Struts antes de la versión v2.3.1.1, cuando se usa el modo desarrollador (developer), permite ejecutar comandos de su elección a atacantes remotos a través de vectores no especificados. NOTA: el vendedor indica que este comportamiento "no es una vulnerabilidad de seguridad en si misma". • https://www.exploit-db.com/exploits/31434 https://www.exploit-db.com/exploits/18329 http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html http://struts.apache.org/2.x/docs/s2-008.html http://struts.apache.org/2.x/docs/version-notes-2311.html http://www.exploit-db.com/exploits/18329 http://www.exploit-db.com/exploits/31434 http://www.osvdb.org/78276 https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-2088
https://notcve.org/view.php?id=CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3. XWork v2.2.1 en Apache Struts v2.2.1, y XWork OpenSymphony en OpenSymphony WebWork, permite a atacantes remotos obtener información sensible acerca de las rutas internas de clases Java a través de vectores implican un elemento s:submit y un método inexistente, una vulnerabilidad diferente de CVE-2011-1772.3. • http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html http://www.securityfocus.com/archive/1/518066/100/0/threaded http://www.ventuneac.net/security-advisories/MVSA-11-006 https://issues.apache.org/jira/browse/WW-3579 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-2087
https://notcve.org/view.php?id=CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en los controladores de componente en el plugin javatemplates (también conocido como plantillas de Java) en Apache Struts v2.x antes de v2.2.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un valor de parámetro arbitrario a .action URI, relacionado con a una manipulación incorrecta del valor de los atributos en un (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler. Java, (7) SubmitHandler.java y (8) TextFieldHandler.java. • http://struts.apache.org/2.2.3/docs/version-notes-223.html http://www.vupen.com/english/advisories/2011/1198 https://issues.apache.org/jira/browse/WW-3597 https://issues.apache.org/jira/browse/WW-3608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •