Skip to end of metadata
Go to start of metadata

The following security bulletins are available:

  • S2-001Remote code exploit on form validation error
  • S2-002Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags
  • S2-003XWork ParameterInterceptors bypass allows OGNL statement execution
  • S2-004Directory traversal vulnerability while serving static content
  • S2-005XWork ParameterInterceptors bypass allows remote command execution
  • S2-006Multiple Cross-Site Scripting (XSS) in XWork generated error pages
  • S2-007User input is evaluated as an OGNL expression when there's a conversion error
  • S2-008Multiple critical vulnerabilities in Struts2
  • S2-009ParameterInterceptor vulnerability allows remote command execution
  • S2-010When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes
  • S2-011Long request parameter names might significantly promote the effectiveness of DOS attacks
  • S2-012Showcase app vulnerability allows remote command execution
  • S2-013A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution
  • S2-014A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks
  • S2-015A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.
  • S2-016A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution
  • S2-017A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects
  • S2-018Broken Access Control Vulnerability in Apache Struts2
  • S2-019Dynamic Method Invocation disabled by default
  • S2-020Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)
  • S2-021Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation
  • S2-022Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals
  • S2-023Generated value of token can be predictable
  • S2-024Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker
  • S2-025Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files
  • S2-026Special top object can be used to access Struts' internals
  • S2-027TextParseUtil.translateVariables does not filter malicious OGNL expressions
  • S2-028Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.
  • S2-029Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
  • S2-030Possible XSS vulnerability in I18NInterceptor
  • S2-031XSLTResult can be used to parse arbitrary stylesheet
  • S2-032Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.
  • S2-033Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.
  • S2-034OGNL cache poisoning can lead to DoS vulnerability
  • S2-035Action name clean up is error prone
  • S2-036Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
  • S2-037Remote Code Execution can be performed when using REST Plugin.
  • S2-038It is possible to bypass token validation and perform a CSRF attack
  • S2-039Getter as action method leads to security bypass
  • S2-040Input validation bypass using existing default action method.
  • S2-041Possible DoS attack when using URLValidator
  • S2-042Possible path traversal in the Convention plugin
  • S2-043Using the Config Browser plugin in production
  • S2-044Possible DoS attack when using URLValidator
  • S2-045Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
  • S2-046Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)
  • S2-047Possible DoS attack when using URLValidator (similar to S2-044)
  • S2-048Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series
  • S2-049A DoS attack is available for Spring secured actions
  • S2-050A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)
  • S2-051A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin
  • S2-052Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads
  • S2-053A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals
  • S2-054A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin
  • S2-055A RCE vulnerability in the Jackson JSON library
  • S2-056A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin
  • S2-057Possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn’t have value and action set and in same time, its upper package have no or wildcard namespace.
  • No labels