Time | Node | Security bulletin |
---|---|---|
2022-04-13 00:31 | Struts vulnerability monitoring | S2-062 - Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to remote code execution - same as S2-061. |
2020-12-08 16:01 | Struts vulnerability monitoring | S2-061 - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution - similar to S2-059. |
2020-10-07 21:44 | Struts vulnerability monitoring | S2-001 - Remote code exploit on form validation error |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-002 - Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-003 - XWork ParameterInterceptors bypass allows OGNL statement execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-004 - Directory traversal vulnerability while serving static content |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-005 - XWork ParameterInterceptors bypass allows remote command execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-006 - Multiple Cross-Site Scripting (XSS) in XWork generated error pages |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-007 - User input is evaluated as an OGNL expression when there's a conversion error |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-008 - Multiple critical vulnerabilities in Struts2 |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-009 - ParameterInterceptor vulnerability allows remote command execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-010 - When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-011 - Long request parameter names might significantly promote the effectiveness of DOS attacks |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-012 - Showcase app vulnerability allows remote command execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-013 - A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-014 - A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-015 - A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-016 - A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-017 - A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-018 - Broken Access Control Vulnerability in Apache Struts2 |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-019 - Dynamic Method Invocation disabled by default |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-020 - Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation) |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-021 - Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-022 - Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-023 - Generated value of token can be predictable |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-024 - Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-025 - Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-026 - Special top object can be used to access Struts' internals |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-027 - TextParseUtil.translateVariables does not filter malicious OGNL expressions |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-028 - Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-029 - Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-030 - Possible XSS vulnerability in I18NInterceptor |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-031 - XSLTResult can be used to parse arbitrary stylesheet |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-032 - Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-033 - Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-034 - OGNL cache poisoning can lead to DoS vulnerability |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-035 - Action name clean up is error prone |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-036 - Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029) |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-037 - Remote Code Execution can be performed when using REST Plugin. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-038 - It is possible to bypass token validation and perform a CSRF attack |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-039 - Getter as action method leads to security bypass |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-040 - Input validation bypass using existing default action method. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-041 - Possible DoS attack when using URLValidator |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-042 - Possible path traversal in the Convention plugin |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-043 - Using the Config Browser plugin in production |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-044 - Possible DoS attack when using URLValidator |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-045 - Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser. |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-046 - Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045) |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-047 - Possible DoS attack when using URLValidator (similar to S2-044) |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-048 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-049 - A DoS attack is available for Spring secured actions |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-050 - A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047) |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-051 - A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-052 - Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads |
2020-10-07 21:43 | Struts vulnerability monitoring | S2-053 - A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals |
2020-10-07 21:42 | Struts vulnerability monitoring | S2-054 - A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin |
2020-10-07 21:42 | Struts vulnerability monitoring | S2-055 - A RCE vulnerability in the Jackson JSON library |
2020-10-07 21:42 | Struts vulnerability monitoring | S2-056 - A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin |
2020-10-07 21:42 | Struts vulnerability monitoring | S2-057 - Possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn’t have value and action set and in same time, its upper package have no or wildcard namespace. |
2020-10-07 21:42 | Struts vulnerability monitoring | S2-058 - Previous Security Bulletins contained incorrect affected release version ranges. |