Lucene search
GoogleOSV:GHSA-876P-4WGC-75RXHistoryMay 14, 2022 - 12:52 a.m.
Apache Struts RCE Vulnerability
2022-05-1400:52:12
Google
osv.dev
8
Apache Struts 2.x before 2.3.20.3, 2.3.24.3, and 2.3.28 allows remote attackers to execute arbitrary code via a %{} sequence in a tag attribute, aka forced double OGNL evaluation.
References
struts.apache.org/docs/s2-029.html
github.com/apache/struts
github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364
nvd.nist.gov/vuln/detail/CVE-2016-0785
web.archive.org/web/20210123095715/www.securityfocus.com/bid/85066
web.archive.org/web/20220118185853/www.securitytracker.com/id/1035271
Related
ubuntucve
ubuntucve
CVE-2016-0785
2016-04-12 00:00:00
CVE-2016-4461
2017-10-16 00:00:00
nvd
nvd
CVE-2016-0785
2016-04-12 16:59:00
CVE-2016-4461
2017-10-16 16:29:00
cve
cve
CVE-2016-0785
2016-04-12 16:59:00
CVE-2016-4461
2017-10-16 16:29:00
openvas
openvas
Apache Struts Security Update (S2-029)
2016-06-07 00:00:00
nessus
nessus
Apache Struts 2 Tag Attribute Double OGNL Evaluation RCE
2016-03-24 00:00:00
Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)
2016-03-24 00:00:00
Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)
2016-06-24 00:00:00
ibm
ibm
prion
prion
Design/Logic Flaw
2016-04-12 16:59:00
Design/Logic Flaw
2017-10-16 16:29:00
github
github
Apache Struts RCE Vulnerability
2022-05-14 00:52:12
cvelist
cvelist
CVE-2016-0785
2016-04-12 16:00:00
CVE-2016-4461
2017-10-16 16:00:00
osv
osv
CVE-2016-4461
2017-10-16 16:29:00
f5
f5
wallarmlab
wallarmlab
New Struts2 Remote Code Execution exploit caught in the wild
2017-03-09 00:15:54