Apache Struts version 2.5.20 double OGNL evaluation exploit.
9eb8066bb5239fdd85e8ea9bf0dc8509
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependent. A server-side template must make an affected use of request data to render an HTML tag attribute.
a00ae15a323f6cf0ba8c86991a9f2707
An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in Struts, CVE-2010-1870, that allows for code execution via OGNL injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux versions of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root-level privileges on any system running the LISTSERV Maestro services.
a3168454ee163a5555ee9cdd35609b72
Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.
4bacfb503bb7a49d5262f888693bb1b8
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
a4e7f0e82c562b624ecf195e89e4fb88
Apache versions 2.3 up to 2.3.34 and 2.5 up to 2.5.16 remote code execution exploit.
d8cb5003787ffe5dff6acbd417ce2c59
Apache versions 2.3 up to 2.3.34 and 2.5 up to 2.5.16 remote code execution exploit.
986b43115c7195f3cd675987f7e99e5e
Man Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution vulnerabilities.
13ed154c6fefe1b2ae0599b839ed689d
This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.
354fce33983d17e45d41971c85b42100
Apache Struts versions 2.5 through 2.5.12 REST plugin XStream remote code execution exploit.
ed713b2c9934090617c90e450993d42d
Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.
6a456689db4d683f7253fa4ce925f95c
Apache Struts 2.3.x Showcase remote code execution proof of concept exploit.
b127e7bfe5e4cb4867bb2f3d6c8b1d64
HPE Security Bulletin HPESBGN03733 1 - A potential security vulnerability in Jakarta Multipart parser in Apache Struts has been addressed in HPE Universal CMDB. This vulnerability could be remotely exploited to allow code execution via mishandled file upload. Revision 1 of this advisory.
77f2af54b71a701cb9a39d3cbac64dbd
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote code execution can be performed via the HTTP Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
8637e8ffc6de9189c657a3e087a50331
Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell.
1fe1221359b528e0a3f8439c385ef6e1
Struts S2-045 remote command execution proof of concept exploit.
de49204b909920bd9a5ae5c2b8b75d1e
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed when using the REST Plugin with the ! operator when Dynamic Method Invocation is enabled.
a500c7d4893ccc30f624a84876393fb9
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.
bb77e1c207231c0a1ce3a4a82373b2c0
Debian Linux Security Advisory 3536-1 - It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly.
e1ae343a7d28ca21618e50508f60f7ac
Apache has released Struts version 2.3.20 which merges various security fixes and extends an existing security mechanism to block access to given Java packages and Classes.
731c184c594e7079c4d5e8d8e95cd386
HP Security Bulletin HPSBST03160 - A potential security vulnerability has been identified with HP XP Command View Advanced Edition running Apache Struts. Revision 1 of this advisory.
9b395dbdfb2853bc1226c83291fe27ca
Debian Linux Security Advisory 2940-1 - It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.
39cdf20b0014b76773979dfc0b02fa5e
Cisco Security Advisory - Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. The vulnerability is due to insufficient sanitization on user-supplied input in the XWorks component of the affected software. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.
f99f63988930581031d2a4c54c4246de
VMware Security Advisory 2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library.
3595a99c468e3b216b6df603faaa858e
HP Security Bulletin HPSBGN03041 - A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts. The vulnerability could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.
fb4150bd6e2c01119b9f0f2ebe49e6a0
Mandriva Linux Security Advisory 2014-095 - It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
4205d082436cdc97e0ada92408be1dfb