CVE-2014-0114 – Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Commons BeanUtils, según se distribuye en lib/commons-beanutils-1.8.0.jar en Apache Struts 1.x hasta la versión 1.3.10 y en otros productos que requieren commons-beanutils hasta la versión 1.9.2, no suprime la propiedad class, lo que permite a atacantes remotos "manipular" el ClassLoader y ejecutar código arbitrario a través del parámetro class, según lo demostrado por el paso de este parámetro al método getClass del objeto ActionForm en Struts 1. OSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/41690 http://advisories.mageia.org/MGASA-2014-0219.html http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html http://marc.info/?l=bugtraq&m=140119284401582&w=2 http://marc.info/?l=bugtraq&m=140801096002766&w= • CWE-20: Improper Input Validation CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVE-2006-1546 – struts bypass validation
https://notcve.org/view.php?id=CVE-2006-1546
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. • http://issues.apache.org/bugzilla/show_bug.cgi?id=38374 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r%24623%242%40sea.gmane.org%3e http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail%40web32607.mail.mud.yahoo.com%3e http://secunia.com/advisories/19493 http://secunia.com/advisories/20117 http://securitytracker.com/id?1015856 http://struts.ap •
CVE-2006-1548 – struts LookupDispatchAction XSS
https://notcve.org/view.php?id=CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. • http://issues.apache.org/bugzilla/show_bug.cgi?id=38749 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://secunia.com/advisories/19493 http://secunia.com/advisories/20117 http://securitytracker.com/id?1015856 http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html http://www.securityfocus.com/bid/17342 http://www.vupen.com/english/advisories/2006/1205 https://exchange.xforce.ibmcloud.com/vulnerabilities/25614 https://issues.apache.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-1547 – Apache Struts 1 ActionForm Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS). • http://issues.apache.org/bugzilla/show_bug.cgi?id=38534 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://secunia.com/advisories/19493 http://secunia.com/advisories/20117 http://securitytracker.com/id?1015856 http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html http://www.securityfocus.com/bid/17342 http://www.vupen.com/english/advisories/2006/1205 https://exchange.xforce.ibmcloud.com/vulnerabilities/25613 https://access.redhat.com •