CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to “manipulate” the ClassLoader and execute arbitrary code via a crafte…
[org.apache.struts:struts2-core] Arbitrary code execution in Apache Struts
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
References
https://nvd.nist.gov/vuln/detail/C…
[org.apache.struts:struts2-core] ClassLoader manipulation in Apache Struts
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to “manipulate” the ClassLoader via the class parameter, which is passed to the getClass method.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-0094
http://jvn.jp…
[org.apache.struts:struts2-core] ClassLoader manipulation in Apache Struts
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to “manipulate” the ClassLoader and modify session state via a craf…
[org.apache.struts:struts2-core] Path Traversal in Apache Struts
In Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on the server side. This vulnerability is only exploitable when using the Struts 2 C…
[org.apache.struts:struts2-core] Arbitrary code execution in Apache Struts 2
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-4438
https://bugzilla.redhat.com/show_bug.cgi?id=1348238
https:…
[org.apache.santuario:xmlsec] Apache XML Security For Java vulnerable to Infinite Loop
Affected versions of xmlsec are subject to a denial of service vulnerability. Should a user check the signature of a message larger than 512 MB, the method expandSize(int newPos) of class org.apache.xml.security.utils.UnsyncByteArrayOutputStream goes i…
[org.csanchez.jenkins.plugins:kubernetes] Exposure of Sensitive Information in Jenkins Kubernetes Plugin
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
References
https://nvd.nist.g…
[org.jenkins-ci.main:jenkins-core] Infinite Loop in Jenkins Core
Cron expression form validation could enter an infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. “Poll SCM”, “Build periodically”) could enter infinite loops when cron expressions only matching cer…
[org.apache.guacamole:guacamole-common] Missing Encryption of Sensitive Data in Apache Guacamole
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user’s session token. This cookie lacked the “secure” flag, which could allow an attacker eavesdropping on the network to intercept the user’s session token if unencrypted HT…