what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

CVE-2011-3923

Status Candidate

Overview

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Related Files

Apache Struts ParametersInterceptor Remote Code Execution: Posted Mar 22, 2013; Authored by Meder Kydyraliev | Site metasploit.com; This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties which allows remote attackers to execute arbitrary Java code via a crafted parameter.; tags | exploit, java, remote, arbitrary; advisories | CVE-2011-3923, OSVDB-78501; SHA-256 | e56bcff70dfc308ffd717452aab966d54c1fdec14e8544d8df4198054ba401b9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Jann Horn 5 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Google Security Research 5 files

File Tags

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,642)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,504)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec