Page 6 of 47 results (0.008 seconds)

CVSS: 5.0EPSS: 97%CPEs: 1EXPL: 4

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. ParametersInterceptor en Apache Struts versiones anteriores a 2.3.16.2, permite a atacantes remotos "manipulate" el ClassLoader por medio del parámetro class, que se pasa al método getClass. • https://www.exploit-db.com/exploits/33142 https://www.exploit-db.com/exploits/41690 https://github.com/y0d3n/CVE-2014-0094 https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1 http://jvn.jp/en/jp/JVN19294237/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045 http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html http://secunia.com/advisories/56440 http://secunia.com/advisories/59178 http://struts.apache.org/release/2. •

CVSS: 5.8EPSS: 1%CPEs: 45EXPL: 0

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Apache Struts v2.0.0 hasta v2.3.15.1 permite a atacantes remotos evitar los controles de acceso a través de una acción manipulada: prefix. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2013-10/0083.html http://secunia.com/advisories/54919 http://secunia.com/advisories/56483 http://secunia.com/advisories/56492 http://struts.apache.org/release/2.3.x/docs/s2-018.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029077 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html http://struts.apache.org/release/2.3.x/docs/s2-019.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id/1029078 • CWE-16: Configuration CWE-284: Improper Access Control •

CVSS: 9.3EPSS: 97%CPEs: 44EXPL: 3

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos ejecutar expresiones OGNL arbitrarias mediante un parámetro con una (1)acción:, (2) redirect:, o (3) redirectAction: Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected. Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. • https://www.exploit-db.com/exploits/27135 https://www.exploit-db.com/exploits/44583 https://github.com/nth347/CVE-2013-2251 http://archiva.apache.org/security.html http://cxsecurity.com/issue/WLB-2014010087 http://osvdb.org/98445 http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2013/Oct/96 http://seclists.org/oss-sec/2014/q1/89 http://struts.apache.org/release/2.3.x/docs/s2-016.html http:&#x • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 96%CPEs: 44EXPL: 1

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. Múltiples vulnerabilidades de redirección en Apache Struts v2.0.0 hasta v2.3.15 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante una URL en un parámetro usando (1) redirect: o (2) redirectAction: Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected. • https://www.exploit-db.com/exploits/38666 http://struts.apache.org/release/2.3.x/docs/s2-017.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/61196 http://www.securityfocus.com/bid/64758 • CWE-20: Improper Input Validation •