| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Apache Struts
Apache Struts 1.3: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Apache Struts 1.3, in order to run JavaScript code in the context of the web site.
Impacted products: Struts, Tivoli System Automation, WebSphere AS Traditional, Oracle Communications.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/10/2018.
Identifiers: 2016214, cpuoct2018, CVE-2012-1007, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, VIGILANCE-VUL-27508.
Description of the vulnerability
The Apache Struts 1.3 product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Apache Struts 1.3, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: denial of service via REST Plugin
Synthesis of the vulnerability
An attacker can generate a fatal error via REST Plugin of Apache Struts, in order to trigger a denial of service.
Impacted products: Struts, Oracle Communications.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 27/03/2018.
Identifiers: CERTFR-2018-AVI-153, cpujul2018, CVE-2018-1327, S2-056, VIGILANCE-VUL-25662.
Description of the vulnerability
An attacker can generate a fatal error via REST Plugin of Apache Struts, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: code execution via com.fasterxml.jackson
Synthesis of the vulnerability
An attacker can use a vulnerability (VIGILANCE-VUL-23406) of com.fasterxml.jackson of Apache Struts, in order to run code.
Impacted products: Struts, Debian, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Puppet, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-470, cpuapr2018, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-17485, CVE-2017-7525, CVE-2018-5968, DSA-4037-1, DSA-4114-1, ibm10715641, ibm10738249, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0294-01, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, S2-055, VIGILANCE-VUL-24732.
Description of the vulnerability
An attacker can use a vulnerability (VIGILANCE-VUL-23406) of com.fasterxml.jackson of Apache Struts, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts REST Plugin: denial of service via JSON
Synthesis of the vulnerability
An attacker can generate a fatal error via JSON of Apache Struts REST Plugin, in order to trigger a denial of service.
Impacted products: Struts, Oracle Communications, Oracle Fusion Middleware, Tuxedo, WebLogic.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 01/12/2017.
Identifiers: CERTFR-2017-AVI-445, cpuapr2018, cpujul2018, CVE-2017-15707, S2-054, VIGILANCE-VUL-24605.
Description of the vulnerability
An attacker can generate a fatal error via JSON of Apache Struts REST Plugin, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: code execution via Freemarker
Synthesis of the vulnerability
An attacker can use a vulnerability via Freemarker of Apache Struts, in order to run code.
Impacted products: Struts, Avamar, Unisphere EMC, Oracle Communications, WebLogic.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/09/2017.
Identifiers: 3889403, 3905487, 504595, 509396, CVE-2017-12611, ESA-2017-121, ESA-2017-128, S2-053, VIGILANCE-VUL-23756.
Description of the vulnerability
An attacker can use a vulnerability via Freemarker of Apache Struts, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Apache Struts.
Impacted products: Struts, Oracle Communications, WebLogic.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/09/2017.
Revision date: 07/09/2017.
Identifiers: 3889403, 3905487, CVE-2017-9793, CVE-2017-9804, S2-050, S2-051, VIGILANCE-VUL-23731.
Description of the vulnerability
Several vulnerabilities were announced in Apache Struts.
An attacker can trigger a fatal error via URLValidator, in order to trigger a denial of service. [severity:3/4; CVE-2017-9804, S2-050]
An attacker can trigger a fatal error via Outdated XStream Library, in order to trigger a denial of service. [severity:3/4; CVE-2017-9793, S2-051]
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: code execution via REST XStream
Synthesis of the vulnerability
An attacker can use a vulnerability via REST XStream of Apache Struts, in order to run code.
Impacted products: Struts, Oracle Communications, WebLogic.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/09/2017.
Identifiers: 3889403, 3905487, CERTFR-2017-AVI-285, CVE-2017-9805, S2-052, VIGILANCE-VUL-23755, VU#112992.
Description of the vulnerability
An attacker can use a vulnerability via REST XStream of Apache Struts, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: denial of service via Spring Secured Actions
Synthesis of the vulnerability
An attacker can generate a fatal error via Spring Secured Actions of Apache Struts, in order to trigger a denial of service.
Impacted products: Struts, Oracle Communications, WebLogic.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/07/2017.
Revision date: 10/08/2017.
Identifiers: 3889403, 3905487, CVE-2017-9787, S2-049, VIGILANCE-VUL-23244.
Description of the vulnerability
An attacker can generate a fatal error via Spring Secured Actions of Apache Struts, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts 2.3: code execution via Struts 1 Plugin With Raw Message
Synthesis of the vulnerability
An attacker can use a vulnerability via Struts 1 Plugin With Raw Message of Apache Struts 2.3, in order to run code.
Impacted products: Struts, Oracle Communications, WebLogic.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 10/07/2017.
Revision date: 17/07/2017.
Identifiers: 3889403, 3905487, CVE-2017-9791, S2-048, VIGILANCE-VUL-23168.
Description of the vulnerability
An attacker can use a vulnerability via Struts 1 Plugin With Raw Message of Apache Struts 2.3, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Apache Struts: denial of service via URLValidator
Synthesis of the vulnerability
An attacker can generate a fatal error via URLValidator of Apache Struts, in order to trigger a denial of service.
Impacted products: Struts, Oracle Communications, WebLogic.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/07/2017.
Identifiers: 3889403, 3905487, CVE-2017-7672, S2-047, VIGILANCE-VUL-23243.
Description of the vulnerability
An attacker can generate a fatal error via URLValidator of Apache Struts, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Apache Struts:
|