CVSS: 9.8EPSS: 97%CPEs: 33EXPL: 3CVE-2017-9791 – Apache Struts 1 Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. El plugin Struts 1 en Apache Struts versiones 2.1.x y 2.3.x, podría permitir la ejecución de código remota por medio de un valor de campo malicioso pasado en un mensaje sin procesar en la ActionMessage. The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. • https://www.exploit-db.com/exploits/44643 https://www.exploit-db.com/exploits/42324 https://github.com/xfer0/CVE-2017-9791 http://struts.apache.org/docs/s2-048.html http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html http://www.securityfocus.com/bid/99484 http://www.securitytracker.com/id/1038838 https://security.netapp.com/advisory/ntap-20180706-0002 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 96%CPEs: 53EXPL: 27CVE-2017-5638 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. El analizador sintáctico Jakarta Multipart en Apache Struts 2 en versiones 2.3.x anteriores a la 2.3.32 y versiones 2.5.x anteriores a la 2.5.10.1 no maneja correctamente las excepciones y la generación de mensajes de error, lo que permite a atacantes remotos ejecutar comandos arbitrarios a través de una cadena #cmd= en un encabezado HTTP de Content-Type, Content-Disposition o Content-Length manipulado. Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. • https://www.exploit-db.com/exploits/41570 https://www.exploit-db.com/exploits/41614 https://github.com/immunio/apache-struts2-CVE-2017-5638 https://github.com/payatu/CVE-2017-5638 https://github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638 https://github.com/win3zz/CVE-2017-5638 https://github.com/0x00-0x00/CVE-2017-5638 https://github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit- https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2 https:/&# • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 55EXPL: 0CVE-2016-4436
https://notcve.org/view.php?id=CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. Apache Struts 2 en versiones anteriores a 2.3.29 y 2.5.x en versiones anteriores a 2.5.1 permiten a atacantes tener impacto no especificado a través de vectores relacionados con la limpieza de un nombre de acción inapropiado. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 http://www-01.ibm.com/support/docview.wss?uid=swg21987854 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/91280 https://struts.apache.org/docs/s2-035.html •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 0CVE-2016-3093
https://notcve.org/view.php?id=CVE-2016-3093
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. Apache Struts 2.0.0 hasta la versión 2.3.24.1 no cachea correctamente referencias al método cuando se utiliza con OGNL en versiones anteriores a 3.0.12, lo que permite a atacantes remotos provocar una denegación de servicio (bloqueo de acceso a sitio web) a través de vectores no especificados. • http://struts.apache.org/docs/s2-034.html http://www-01.ibm.com/support/docview.wss?uid=swg21987854 http://www.securityfocus.com/bid/90961 http://www.securitytracker.com/id/1036018 https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 97%CPEs: 57EXPL: 2CVE-2016-3081 – Apache Struts - Dynamic Method Invocation Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts versiones 2.3.19 hasta 2.3.20.2, versiones 2.3.21 hasta 2.3.24.1 y versiones 2.3.25 hasta 2.3.28, cuando Dynamic Method Invocation está habilitado, permite a atacantes remotos ejecutar código arbitrario por medio del prefijo method:, relacionado con expresiones encadenadas. • https://www.exploit-db.com/exploits/39756 http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec http://www.rapid7.com/db/modules/explo • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •