Vulnerabilites related to opensymphony - xwork
Vulnerability from fkie_nvd
Published
2009-03-23 14:19
Modified
2024-11-21 00:56
Severity ?
Summary
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensymphony | xwork | 2.0.0 | |
| opensymphony | xwork | 2.0.1 | |
| opensymphony | xwork | 2.0.2 | |
| opensymphony | xwork | 2.0.3 | |
| opensymphony | xwork | 2.0.4 | |
| opensymphony | xwork | 2.0.5 | |
| opensymphony | xwork | 2.1.0 | |
| opensymphony | xwork | 2.1.1 | |
| apache | struts | 2.0.0 | |
| apache | struts | 2.0.2 | |
| apache | struts | 2.0.3 | |
| apache | struts | 2.0.4 | |
| apache | struts | 2.0.5 | |
| apache | struts | 2.0.6 | |
| apache | struts | 2.0.7 | |
| apache | struts | 2.0.8 | |
| apache | struts | 2.0.9 | |
| apache | struts | 2.0.11 | |
| apache | struts | 2.0.11.1 | |
| apache | struts | 2.0.11.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB359E4-7D59-4124-855D-8E9CF71554CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF27EEA-B36A-4FA1-BC8F-37003457FD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABB7703-3606-4983-ADCE-829A3291ED66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "89891ADF-86DD-4921-81CA-8482FA6AD156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00DB2D6F-008C-4132-B7A5-86366AE4C551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1AC722-E97E-4EA2-A6F6-9C6EED5131E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "318A2710-854A-44BB-8A9D-C5C360BC48E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32976658-0BE5-42E2-A466-7CB9FF5ABF40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
},
{
"lang": "es",
"value": "ParametersInterceptor en OpenSymphony XWork 2.0.x antes de 2.0.6 y 2.1.x antes de 2.1.2, tal como se utiliza en Apache Struts y otros productos, no restringe adecuadamente las referencias # (almohadilla) a objetos de contexto, lo que permite a atacantes remotos ejecutar sentencias OGNL (Object-Graph Navigation Language) y modificar los objetos del contexto del lado del servidor contexto objetos, como lo demuestra el uso de una representaci\u00f3n \\u0023 del car\u00e1cter #."
}
],
"id": "CVE-2008-6504",
"lastModified": "2024-11-21T00:56:42.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-23T14:19:12.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://fisheye6.atlassian.com/cru/CR-9/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://issues.apache.org/struts/browse/WW-2692"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://jira.opensymphony.com/browse/XW-641"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49732"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32495"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32497"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://struts.apache.org/2.x/docs/s2-003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3003"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3004"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://fisheye6.atlassian.com/cru/CR-9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://issues.apache.org/struts/browse/WW-2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://jira.opensymphony.com/browse/XW-641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://struts.apache.org/2.x/docs/s2-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2024-11-21 01:27
Severity ?
Summary
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | struts | 2.2.1 | |
| opensymphony | xwork | 2.2.1 | |
| opensymphony | webwork | - | |
| opensymphony | xwork | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86571CB0-00C3-407E-AA23-F84628AC4EA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:webwork:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D68135-A485-4A9D-AA01-6F11D166A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63E63E98-5734-4CA9-98BA-1040B2CF4C77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
},
{
"lang": "es",
"value": "XWork v2.2.1 en Apache Struts v2.2.1, y XWork OpenSymphony en OpenSymphony WebWork, permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las rutas internas de clases Java a trav\u00e9s de vectores implican un elemento s:submit y un m\u00e9todo inexistente, una vulnerabilidad diferente de CVE-2011-1772.3."
}
],
"id": "CVE-2011-2088",
"lastModified": "2024-11-21T01:27:33.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-13T17:05:45.283",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "cve@mitre.org",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2024-11-21 01:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | struts | 2.0.0 | |
| apache | struts | 2.0.1 | |
| apache | struts | 2.0.2 | |
| apache | struts | 2.0.3 | |
| apache | struts | 2.0.4 | |
| apache | struts | 2.0.5 | |
| apache | struts | 2.0.6 | |
| apache | struts | 2.0.7 | |
| apache | struts | 2.0.8 | |
| apache | struts | 2.0.9 | |
| apache | struts | 2.0.10 | |
| apache | struts | 2.0.11 | |
| apache | struts | 2.0.11.1 | |
| apache | struts | 2.0.11.2 | |
| apache | struts | 2.0.12 | |
| apache | struts | 2.0.13 | |
| apache | struts | 2.0.14 | |
| apache | struts | 2.1.0 | |
| apache | struts | 2.1.1 | |
| apache | struts | 2.1.2 | |
| apache | struts | 2.1.3 | |
| apache | struts | 2.1.4 | |
| apache | struts | 2.1.5 | |
| apache | struts | 2.1.6 | |
| apache | struts | 2.1.8 | |
| apache | struts | 2.1.8.1 | |
| apache | struts | 2.2.1 | |
| apache | struts | 2.2.1.1 | |
| opensymphony | webwork | * | |
| opensymphony | xwork | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF11DCF-6F6E-4E18-988E-E43918FBB8A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3A90B7-C632-4D3E-9A4F-21E46D273B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "386538BE-F258-4870-8E11-750ADA228026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF15B9-3714-4206-9971-1F7D59E20483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA32D87-65C7-4589-86B7-500BE3203CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "98C3FB11-4E24-4067-A3A9-021F849DAAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "661F1610-9FCD-4FC1-BCA1-69C58E0A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C89E22-B106-4EAB-90A1-0EA86C165737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1BABB2-780E-47E0-87A9-A164906C8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AC32348E-7EF4-411C-9A44-CD041ABFA0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94BD452B-AE41-4F7A-9DB9-4B1039582537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFDC53B-7B8E-4333-BC87-E01024EC9C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0818E7-B617-4C30-BFAC-9FE2F375F8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50F4A58E-F3D4-4711-A37E-EA538B112371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFCC96F-FD87-4495-B8A5-19D7898D5662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "662A2E4B-A76A-4498-98A6-F90DF65C62B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA687B56-A09B-4741-84F1-2BD9569A3F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BC0E358-8B4D-480B-BFAE-966CB697310A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "88B3348C-1086-4A16-97E3-52DB65FF860A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3C65711D-9C5B-4644-A12D-82243CB6FB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1FA9A7-2C8E-4651-9400-190198528642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9093C0-AE6A-4285-B159-8FDBF37E33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "267A1C33-1C95-41DA-8A01-6F20C7BE1772",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09604417-9AF3-4F95-8E7A-695AD510168E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D54BC82-0A21-42F7-9439-EB6BF2E95393",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en XWork en Apache Struts v2.x anterior a v2.2.3, y OpenSymphony XWork en OpenSymphony WebWork, permite a atacantes remotos inyectar c\u00f3digo web script o HTML a trav\u00e9s de vectores que implican (1) un \"action name\", (2) la acci\u00f3n atributo de un elemento \"s:submit\", o (3) el atributo del m\u00e9todo del elemento \"s:submit\"."
}
],
"id": "CVE-2011-1772",
"lastModified": "2024-11-21T01:27:01.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-13T17:05:44.267",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"source": "secalert@redhat.com",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"source": "secalert@redhat.com",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "secalert@redhat.com",
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-28 01:17
Modified
2024-11-21 00:35
Severity ?
Summary
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensymphony | xwork | * | |
| opensymphony | xwork | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AFB5F9-70BE-4524-8112-BBCD7AD23362",
"versionEndExcluding": "1.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE01415-0D93-4D31-A33C-04DC06A2AF66",
"versionEndIncluding": "2.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a \"%{\" sequence and ending with a \"}\" character."
},
{
"lang": "es",
"value": "Struts apoyado en OpenSymphony XWork anterior a 1.2.3, y 2.x anterior a 2.0.4, tal y como se utiliza en WebWork y Apache Struts, recursivamente evalua todas las entradas como una expresi\u00f3n Object-Graph Navigation Language (OGNL) cuando altSyntax est\u00e1 activado, lo cual permite a atacantes remotos provocar denegaci\u00f3n de servicio (bucle infinito) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un formulario de entradad comenzando con una secuencia \"%{\" y finalizando con un caracter \"}\"."
}
],
"id": "CVE-2007-4556",
"lastModified": "2024-11-21T00:35:53.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-28T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://forums.opensymphony.com/ann.jspa?annID=54"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://issues.apache.org/struts/browse/WW-2030"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/browse/XW-544"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/37072"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26681"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26693"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26694"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://struts.apache.org/2.x/docs/s2-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25524"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3041"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://forums.opensymphony.com/ann.jspa?annID=54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://issues.apache.org/struts/browse/WW-2030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/browse/XW-544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/37072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://struts.apache.org/2.x/docs/s2-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2007-4556
Vulnerability from cvelistv5
Published
2007-08-28 01:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25524"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.opensymphony.com/browse/XW-544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.apache.org/struts/browse/WW-2030"
},
{
"name": "ADV-2007-3041",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.opensymphony.com/ann.jspa?annID=54"
},
{
"name": "ADV-2007-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3042"
},
{
"name": "26693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26693"
},
{
"name": "26681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706"
},
{
"name": "37072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.x/docs/s2-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701"
},
{
"name": "26694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a \"%{\" sequence and ending with a \"}\" character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25524"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.opensymphony.com/browse/XW-544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.apache.org/struts/browse/WW-2030"
},
{
"name": "ADV-2007-3041",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.opensymphony.com/ann.jspa?annID=54"
},
{
"name": "ADV-2007-3042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3042"
},
{
"name": "26693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26693"
},
{
"name": "26681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706"
},
{
"name": "37072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.x/docs/s2-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701"
},
{
"name": "26694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a \"%{\" sequence and ending with a \"}\" character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25524"
},
{
"name": "http://jira.opensymphony.com/browse/XW-544",
"refsource": "CONFIRM",
"url": "http://jira.opensymphony.com/browse/XW-544"
},
{
"name": "http://issues.apache.org/struts/browse/WW-2030",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/struts/browse/WW-2030"
},
{
"name": "ADV-2007-3041",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3041"
},
{
"name": "http://forums.opensymphony.com/ann.jspa?annID=54",
"refsource": "CONFIRM",
"url": "http://forums.opensymphony.com/ann.jspa?annID=54"
},
{
"name": "ADV-2007-3042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3042"
},
{
"name": "26693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26693"
},
{
"name": "26681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26681"
},
{
"name": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release",
"refsource": "CONFIRM",
"url": "http://wiki.opensymphony.com/display/WW/1.2.3+Press+Release"
},
{
"name": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706",
"refsource": "CONFIRM",
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21706"
},
{
"name": "37072",
"refsource": "OSVDB",
"url": "http://osvdb.org/37072"
},
{
"name": "http://struts.apache.org/2.x/docs/s2-001.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/2.x/docs/s2-001.html"
},
{
"name": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701",
"refsource": "CONFIRM",
"url": "http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050\u0026styleName=Html\u0026version=21701"
},
{
"name": "26694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4556",
"datePublished": "2007-08-28T01:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2088
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.apache.org/jira/browse/WW-3579 | x_refsource_MISC | |
| http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html | x_refsource_MISC | |
| http://www.ventuneac.net/security-advisories/MVSA-11-006 | x_refsource_MISC | |
| http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/518066/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:46:00.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/WW-3579",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-11-006",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2088",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:46:00.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6504
Vulnerability from cvelistv5
Published
2009-03-23 14:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/32495 | third-party-advisory, x_refsource_SECUNIA | |
| http://fisheye6.atlassian.com/cru/CR-9/ | x_refsource_CONFIRM | |
| http://struts.apache.org/2.x/docs/s2-003.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46328 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/3003 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2008/3004 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/32101 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32497 | third-party-advisory, x_refsource_SECUNIA | |
| http://jira.opensymphony.com/browse/XW-641 | x_refsource_CONFIRM | |
| http://issues.apache.org/struts/browse/WW-2692 | x_refsource_CONFIRM | |
| http://osvdb.org/49732 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fisheye6.atlassian.com/cru/CR-9/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.x/docs/s2-003.html"
},
{
"name": "xwork-parameterinterceptor-security-bypass(46328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
},
{
"name": "ADV-2008-3003",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3003"
},
{
"name": "ADV-2008-3004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3004"
},
{
"name": "32101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32101"
},
{
"name": "32497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.opensymphony.com/browse/XW-641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.apache.org/struts/browse/WW-2692"
},
{
"name": "49732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fisheye6.atlassian.com/cru/CR-9/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.x/docs/s2-003.html"
},
{
"name": "xwork-parameterinterceptor-security-bypass(46328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
},
{
"name": "ADV-2008-3003",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3003"
},
{
"name": "ADV-2008-3004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3004"
},
{
"name": "32101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32101"
},
{
"name": "32497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.opensymphony.com/browse/XW-641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.apache.org/struts/browse/WW-2692"
},
{
"name": "49732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32495"
},
{
"name": "http://fisheye6.atlassian.com/cru/CR-9/",
"refsource": "CONFIRM",
"url": "http://fisheye6.atlassian.com/cru/CR-9/"
},
{
"name": "http://struts.apache.org/2.x/docs/s2-003.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/2.x/docs/s2-003.html"
},
{
"name": "xwork-parameterinterceptor-security-bypass(46328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46328"
},
{
"name": "ADV-2008-3003",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3003"
},
{
"name": "ADV-2008-3004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3004"
},
{
"name": "32101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32101"
},
{
"name": "32497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32497"
},
{
"name": "http://jira.opensymphony.com/browse/XW-641",
"refsource": "CONFIRM",
"url": "http://jira.opensymphony.com/browse/XW-641"
},
{
"name": "http://issues.apache.org/struts/browse/WW-2692",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/struts/browse/WW-2692"
},
{
"name": "49732",
"refsource": "OSVDB",
"url": "http://osvdb.org/49732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6504",
"datePublished": "2009-03-23T14:00:00",
"dateReserved": "2009-03-23T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1772
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2011/1198 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/47784 | vdb-entry, x_refsource_BID | |
| http://struts.apache.org/2.x/docs/s2-006.html | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN25435092/index.html | third-party-advisory, x_refsource_JVN | |
| http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html | x_refsource_MISC | |
| http://struts.apache.org/2.2.3/docs/version-notes-223.html | x_refsource_CONFIRM | |
| http://www.ventuneac.net/security-advisories/MVSA-11-006 | x_refsource_MISC | |
| https://issues.apache.org/jira/browse/WW-3579 | x_refsource_CONFIRM | |
| http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1198"
},
{
"name": "47784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.x/docs/s2-006.html"
},
{
"name": "JVNDB-2011-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"
},
{
"name": "JVN#25435092",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN25435092/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/WW-3579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1772",
"datePublished": "2011-05-13T17:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201008-0298
Vulnerability from variot
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. Used for multiple products Apache Struts of XWork In OGNL For the expression evaluation of "#" ParameterInterceptors A vulnerability exists that bypasses the protection mechanism. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. This issue is related to the vulnerability documented in BID 32101 (XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.
Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ----------------------------------------------------------------------
Passionate about writing secure code?
http://secunia.com/company/jobs/open_positions/talented_programmer
Read this if your favourite tool is a disassembler
http://secunia.com/company/jobs/open_positions/reverse_engineer
TITLE: XWork "ParameterInterceptor" Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA40558
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40558
RELEASE DATE: 2010-07-13
DISCUSS ADVISORY: http://secunia.com/advisories/40558/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40558/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40558
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in XWork, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to the "ParameterInterceptor" class improperly restricting access to server-side objects. This can be exploited to modify server-side objects and e.g.
This is related to: SA32495
SOLUTION: Filter malicious characters and character sequences using a proxy.
PROVIDED AND/OR DISCOVERED BY: Meder Kydyraliev, Google Security Team
ORIGINAL ADVISORY: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0005 Synopsis: VMware vCenter Orchestrator remote code execution vulnerability Issue date: 2011-03-14 Updated on: 2011-03-14 (initial release of advisory) CVE numbers: CVE-2010-1870
- Summary
A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.
- Relevant releases
VMware vCenter Orchestrator 4.1 VMware vCenter Orchestrator 4.0
-
Problem Description
VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component.
The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.
VMware would like to thank the Vulnerability Research Team of Digital Defense, Inc. for reporting this issue to us.
Apache Struts version 2.0.11 and earlier also contain vulnerabilities which have not been assigned CVE names. This advisory also addresses these vulnerabilities described at the following URLs:
- http://struts.apache.org/2.2.1/docs/s2-002.html
- http://struts.apache.org/2.2.1/docs/s2-003.html
- http://struts.apache.org/2.2.1/docs/s2-004.html
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCO 4.1 Windows vCO fix for Apache Struts * vCO 4.0 Windows vCO fix for Apache Struts *
- Refer to VMware Knowledge Base article 1034175 for a workaround.
-
Solution
Vmware vCenter Orchestrator
vCenter Orchestrator workaround for Apache Struts http://kb.vmware.com/kb/1034175
-
References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870
- Change log
2011-03-14 VMSA-2011-0005 Initial security advisory in conjunction with the release of an Apache Struts workaround for VMware vCenter Orchestrator on 2011-03-14.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8
wj8DBQFNfoXpS2KysvBH1xkRAiuiAJ9nyIgRIEiD4kYI7ZODRu/m0iJOQgCeIbKD J0gV3DRUWD3NMkMKC/ysvZE= =8K7w -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA40558
SOLUTION: Update to FishEye 2.3.3 and Crucible 2.3.3 or apply patches.
For more information: SA40558
SOLUTION: Fixed in the SVN repository. Document Title:
===============
LISTSERV Maestro Remote Code Execution Vulnerability
References (Source):
====================
https://www.securifera.com/advisories/sec-2020-0001/
https://www.lsoft.com/products/maestro.asp
Release Date:
=============
2020-10-20
Product & Service Introduction:
===============================
LISTSERV Maestro is an enterprise email marketing solution and allows you to easily engage your subscribers with targeted, intelligence-based opt-in campaigns. It offers easy tracking, reporting and list segmentation in a complete email marketing and analytics package.
Vulnerability Information:
==============================
Class: CWE-917 : Expression Language (EL) Injection
Impact: Remote Code Execution
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1870
Vulnerability Description:
==============================
A unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.
Vulnerability Disclosure Timeline:
==================================
2020-10-12: Contact Vendor and Request Security Contact Info From Support Team
2020-10-12: Report Vulnerability Information to Vendor
2020-10-12: Vendor Confirms Submission
2020-10-13: Vendor Releases Patch
2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates CVE-2010-1870 but suggest upgrading vulnerable struts library
2020-10-15: Vendor Approves Public Disclosure
Affected Product(s):
====================
LISTSERV Maestro 9.0-8 and prior
Severity Level:
===============
High
Proof of Concept (PoC):
=======================
A proof of concept will not be provided at this time.
Solution - Fix & Patch:
=======================
Temporary patch: https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip
Security Risk:
==============
The security risk of this remote code execution vulnerability is estimated as high. (CVSS 10.0)
Credits & Authors:
==================
Securifera, Inc - b0yd (@rwincey)
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Securifera disclaims all
warranties, either expressed or implied,
including the warranties of merchantability and capability for a particular purpose. Securifera is not liable in any
case of damage,
including direct, indirect, incidental, consequential loss of business profits or special damages, even if Securifera
or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential
or incidental damages so the foregoing
limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, or hack into any
systems.
Domains: www.securifera.com
Contact: contact [at] securifera [dot] com
Social: twitter.com/securifera
Copyright C 2020 | Securifera, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0298",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.0 to 2.1.8.1"
},
{
"model": "alive enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "7.2"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0 (windows)"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.1 (windows)"
},
{
"model": "business edition 3000",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "identity services engine",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "media experience engine",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3500"
},
{
"model": "unified contact center enterprise",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.1.5"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.1"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.6"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.5"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.4"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.3"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.2"
},
{
"model": "xwork",
"scope": "eq",
"trust": 0.3,
"vendor": "opensymphony",
"version": "2.0.1"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "fisheye",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.3.4"
},
{
"model": "fisheye",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.2.3"
},
{
"model": "crucible",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.3.2"
},
{
"model": "crucible",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.2.3"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "software foundation struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "software foundation archiva",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "software foundation archiva",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "software foundation archiva",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "software foundation archiva",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.5"
},
{
"model": "software foundation archiva",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "media experience engine",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "56001.0"
},
{
"model": "fisheye",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.3.1"
},
{
"model": "crucible",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.3.3"
},
{
"model": "software foundation struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "41592"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1870"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "b0yd",
"sources": [
{
"db": "PACKETSTORM",
"id": "159643"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
],
"trust": 0.7
},
"cve": "CVE-2010-1870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-1870",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-1870",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-1870",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. Used for multiple products Apache Struts of XWork In OGNL For the expression evaluation of \"#\" ParameterInterceptors A vulnerability exists that bypasses the protection mechanism. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAttackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. \nThis issue is related to the vulnerability documented in BID 32101 (XWork \u0027ParameterInterceptor\u0027 Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. \n\nCisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options. \n\nCisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ----------------------------------------------------------------------\n\n\nPassionate about writing secure code?\n\nhttp://secunia.com/company/jobs/open_positions/talented_programmer\n\n\nRead this if your favourite tool is a disassembler\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nXWork \"ParameterInterceptor\" Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40558/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558\n\nRELEASE DATE:\n2010-07-13\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40558/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40558/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in XWork, which can be exploited by\nmalicious people to bypass certain security restrictions. \n\nThe vulnerability is caused due to the \"ParameterInterceptor\" class\nimproperly restricting access to server-side objects. This can be\nexploited to modify server-side objects and e.g. \n\nThis is related to:\nSA32495\n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nMeder Kydyraliev, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0005\nSynopsis: VMware vCenter Orchestrator remote code execution\n vulnerability\nIssue date: 2011-03-14\nUpdated on: 2011-03-14 (initial release of advisory)\nCVE numbers: CVE-2010-1870\n- ------------------------------------------------------------------------\n\n1. Summary\n\n A vulnerability in VMware vCenter Orchestrator(vCO) could allow\n remote execution. \n\n2. Relevant releases\n\n VMware vCenter Orchestrator 4.1\n VMware vCenter Orchestrator 4.0\n\n3. Problem Description\n\n VMware vCenter Orchestrator is an application to automate\n management tasks. It embeds Apache Struts (version 2.0.11) which is\n a third party component. \n\n The following vulnerability has been reported in Apache Struts\n 2.0.11 or earlier. A remote execution of code vulnerability could\n allow malicious users to bypass the \u0027#\u0027-usage protection built into\n the ParametersInterceptor, which could allow server side context\n objects to be manipulated. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-1870 to this vulnerability. \n\n VMware would like to thank the Vulnerability Research Team of\n Digital Defense, Inc. for reporting this issue to us. \n\n Apache Struts version 2.0.11 and earlier also contain\n vulnerabilities which have not been assigned CVE names. This\n advisory also addresses these vulnerabilities described at the\n following URLs:\n\n * http://struts.apache.org/2.2.1/docs/s2-002.html\n * http://struts.apache.org/2.2.1/docs/s2-003.html\n * http://struts.apache.org/2.2.1/docs/s2-004.html\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCO 4.1 Windows vCO fix for Apache Struts *\n vCO 4.0 Windows vCO fix for Apache Struts *\n\n * Refer to VMware Knowledge Base article 1034175 for a workaround. \n\n4. Solution\n\n Vmware vCenter Orchestrator\n ---------------------------\n vCenter Orchestrator workaround for Apache Struts\n http://kb.vmware.com/kb/1034175\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-03-14 VMSA-2011-0005\nInitial security advisory in conjunction with the release of an Apache\nStruts workaround for VMware vCenter Orchestrator on 2011-03-14. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.8.3 (Build 4028)\nCharset: utf-8\n\nwj8DBQFNfoXpS2KysvBH1xkRAiuiAJ9nyIgRIEiD4kYI7ZODRu/m0iJOQgCeIbKD\nJ0gV3DRUWD3NMkMKC/ysvZE=\n=8K7w\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA40558\n\nSOLUTION:\nUpdate to FishEye 2.3.3 and Crucible 2.3.3 or apply patches. \n\nFor more information:\nSA40558\n\nSOLUTION:\nFixed in the SVN repository. Document Title:\n\n===============\n\nLISTSERV Maestro Remote Code Execution Vulnerability\n\n \n\nReferences (Source):\n\n====================\n\nhttps://www.securifera.com/advisories/sec-2020-0001/\n\nhttps://www.lsoft.com/products/maestro.asp\n\n \n\nRelease Date:\n\n=============\n\n2020-10-20\n\n \n\nProduct \u0026 Service Introduction:\n\n===============================\n\nLISTSERV Maestro is an enterprise email marketing solution and allows you to\neasily engage your subscribers with targeted, intelligence-based opt-in\ncampaigns. It offers easy tracking, reporting and list segmentation in a\ncomplete email marketing and analytics package. \n\n \n\n \n\nVulnerability Information:\n\n==============================\n\nClass: CWE-917 : Expression Language (EL) Injection\n\nImpact: Remote Code Execution\n\nRemotely Exploitable: Yes\n\nLocally Exploitable: Yes\n\nCVE Name: CVE-2010-1870\n\n \n\nVulnerability Description:\n\n==============================\n\nA unauthenticated remote code execution vulnerability was found in the\nLISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems\nfrom a known issue in struts, CVE-2010-1870, that allows for code execution\nvia OGNL Injection. This vulnerability has been confirmed to be exploitable\nin both the Windows and Linux version of the software and has existed in the\nLISTSERV Maestro software since at least version 8.1-5. As a result, a\nspecially crafted HTTP request can be constructed that executes code in the\ncontext of the web application. Exploitation of this vulnerability does not\nrequire authentication and can lead to root level privilege on any system\nrunning the LISTServ Maestro services. \n\n \n\nVulnerability Disclosure Timeline:\n\n==================================\n\n2020-10-12: Contact Vendor and Request Security Contact Info From Support\nTeam\n\n2020-10-12: Report Vulnerability Information to Vendor\n\n2020-10-12: Vendor Confirms Submission\n\n2020-10-13: Vendor Releases Patch\n\n2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates\nCVE-2010-1870 but suggest upgrading vulnerable struts library\n\n2020-10-15: Vendor Approves Public Disclosure\n\n \n\n \n\nAffected Product(s):\n\n====================\n\nLISTSERV Maestro 9.0-8 and prior\n\n \n\nSeverity Level:\n\n===============\n\nHigh\n\n \n\nProof of Concept (PoC):\n\n=======================\n\nA proof of concept will not be provided at this time. \n\n \n\nSolution - Fix \u0026 Patch:\n\n=======================\n\nTemporary patch:\nhttps://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip\n\n \n\nSecurity Risk:\n\n==============\n\nThe security risk of this remote code execution vulnerability is estimated\nas high. (CVSS 10.0)\n\n \n\nCredits \u0026 Authors:\n\n==================\n\nSecurifera, Inc - b0yd (@rwincey)\n\n \n\nDisclaimer \u0026 Information:\n\n=========================\n\nThe information provided in this advisory is provided as it is without any\nwarranty. Securifera disclaims all \n\nwarranties, either expressed or implied, \n\nincluding the warranties of merchantability and capability for a particular\npurpose. Securifera is not liable in any \n\ncase of damage, \n\nincluding direct, indirect, incidental, consequential loss of business\nprofits or special damages, even if Securifera \n\nor its suppliers have been advised \n\nof the possibility of such damages. Some states do not allow the exclusion\nor limitation of liability for consequential \n\nor incidental damages so the foregoing \n\nlimitation may not apply. We do not approve or encourage anybody to break\nany licenses, policies, or hack into any \n\nsystems. \n\n \n\nDomains: www.securifera.com\n\nContact: contact [at] securifera [dot] com\n\nSocial: twitter.com/securifera\n\n \n\nCopyright C 2020 | Securifera, Inc\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "BID",
"id": "41592"
},
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "PACKETSTORM",
"id": "127408"
},
{
"db": "PACKETSTORM",
"id": "91733"
},
{
"db": "PACKETSTORM",
"id": "99317"
},
{
"db": "PACKETSTORM",
"id": "91735"
},
{
"db": "PACKETSTORM",
"id": "91732"
},
{
"db": "PACKETSTORM",
"id": "159643"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=14360",
"trust": 0.2,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1870",
"trust": 3.4
},
{
"db": "BID",
"id": "41592",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "66280",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "159643",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "59110",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "14360",
"trust": 1.7
},
{
"db": "SREASON",
"id": "8345",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "40558",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "40576",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "40575",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2010-1870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91732",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "BID",
"id": "41592"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "PACKETSTORM",
"id": "127408"
},
{
"db": "PACKETSTORM",
"id": "91733"
},
{
"db": "PACKETSTORM",
"id": "99317"
},
{
"db": "PACKETSTORM",
"id": "91735"
},
{
"db": "PACKETSTORM",
"id": "91732"
},
{
"db": "PACKETSTORM",
"id": "159643"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"id": "VAR-201008-0298",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2
},
"last_update_date": "2023-12-18T13:49:17.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2010-1870: Struts2 remote commands execution",
"trust": 0.8,
"url": "http://archiva.apache.org/security.html"
},
{
"title": "S2-005",
"trust": 0.8,
"url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
},
{
"title": "cisco-sa-20140709-struts2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140709-struts2"
},
{
"title": "VMSA-2011-0005",
"trust": 0.8,
"url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2011-0005.html"
},
{
"title": "cisco-sa-20140709-struts2",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122766_cisco-sa-20140709-struts2-j.html"
},
{
"title": "struts2-2.2.1-lib",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40173"
},
{
"title": "struts2-2.2.1-apps",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40172"
},
{
"title": "struts2-2.2.1-all",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40171"
},
{
"title": "struts2-2.2.1-src",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40175"
},
{
"title": "struts2-2.2.1-docs",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40174"
},
{
"title": "Cisco: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20140709-struts2"
},
{
"title": "VMware Security Advisories: VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=491bec6555e9512a68aa300b151531ed"
},
{
"title": "Struts2_Bugs",
"trust": 0.1,
"url": "https://github.com/fupinglee/struts2_bugs "
},
{
"title": "vulmap",
"trust": 0.1,
"url": "https://github.com/zhzyker/vulmap "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2014/07/14/apache_patch_cisco_catches_up_with_ancient_struts2_vuln/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/41592"
},
{
"trust": 2.3,
"url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/159643/listserv-maestro-9.0-8-remote-code-execution.html"
},
{
"trust": 2.1,
"url": "http://confluence.atlassian.com/display/fisheye/fisheye+security+advisory+2010-06-16"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/oct/23"
},
{
"trust": 1.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140709-struts2"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2010/jul/183"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59110"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/8345"
},
{
"trust": 1.7,
"url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/14360"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/66280"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1870"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1870"
},
{
"trust": 0.8,
"url": "http://osvdb.org/66280"
},
{
"trust": 0.4,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=956389"
},
{
"trust": 0.3,
"url": "http://www.opensymphony.com/xwork/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1870"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/company/jobs/open_positions/talented_programmer"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/struts-cve-2010-1870"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=21731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/14360/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/multi/http/struts_code_exec"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40558/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40558/#comments"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1034175"
},
{
"trust": 0.1,
"url": "http://struts.apache.org/2.2.1/docs/s2-003.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://struts.apache.org/2.2.1/docs/s2-002.html"
},
{
"trust": 0.1,
"url": "http://struts.apache.org/2.2.1/docs/s2-004.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40576/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40576"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40576/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40575/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40575/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40575"
},
{
"trust": 0.1,
"url": "https://dropbox.lsoft.us/download/lma9.0-8-patch-2020-10-13.zip"
},
{
"trust": 0.1,
"url": "https://www.lsoft.com/products/maestro.asp"
},
{
"trust": 0.1,
"url": "https://www.securifera.com/advisories/sec-2020-0001/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "BID",
"id": "41592"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "PACKETSTORM",
"id": "127408"
},
{
"db": "PACKETSTORM",
"id": "91733"
},
{
"db": "PACKETSTORM",
"id": "99317"
},
{
"db": "PACKETSTORM",
"id": "91735"
},
{
"db": "PACKETSTORM",
"id": "91732"
},
{
"db": "PACKETSTORM",
"id": "159643"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"db": "BID",
"id": "41592"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"db": "PACKETSTORM",
"id": "127408"
},
{
"db": "PACKETSTORM",
"id": "91733"
},
{
"db": "PACKETSTORM",
"id": "99317"
},
{
"db": "PACKETSTORM",
"id": "91735"
},
{
"db": "PACKETSTORM",
"id": "91732"
},
{
"db": "PACKETSTORM",
"id": "159643"
},
{
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"date": "2010-07-13T00:00:00",
"db": "BID",
"id": "41592"
},
{
"date": "2011-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"date": "2014-07-09T17:20:53",
"db": "PACKETSTORM",
"id": "127408"
},
{
"date": "2010-07-13T05:27:52",
"db": "PACKETSTORM",
"id": "91733"
},
{
"date": "2011-03-15T01:37:07",
"db": "PACKETSTORM",
"id": "99317"
},
{
"date": "2010-07-13T05:27:58",
"db": "PACKETSTORM",
"id": "91735"
},
{
"date": "2010-07-13T05:27:50",
"db": "PACKETSTORM",
"id": "91732"
},
{
"date": "2020-10-20T20:17:41",
"db": "PACKETSTORM",
"id": "159643"
},
{
"date": "2010-08-17T20:00:03.407000",
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"date": "2010-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1870"
},
{
"date": "2014-09-01T01:23:00",
"db": "BID",
"id": "41592"
},
{
"date": "2015-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002831"
},
{
"date": "2020-10-20T22:15:15.390000",
"db": "NVD",
"id": "CVE-2010-1870"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "127408"
},
{
"db": "PACKETSTORM",
"id": "99317"
},
{
"db": "PACKETSTORM",
"id": "159643"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts of XWork Vulnerabilities that bypass object protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002831"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-173"
}
],
"trust": 0.6
}
}