On 31st August 2021, a critical remote code execution vulnerability was found in Confluence Server and Confluence Data Center. The vulnerability is tracked as CVE-2021-26084 and has a severity of 9.8. The OGNL (Object-Graph Navigation Language) injection vulnerability found allows an authenticated user, and in some instances unauthenticated users, to execute arbitrary code on a … Continue reading “Confluence Server OGNL injection Vulnerability (CVE-2021-26084)”
Tag: OGNL
Apache Struts OGNL Remote Code Execution Vulnerability (CVE-2020-17530)
On December 9, 2020, a security update for Struts 2 was released by the Apache Software foundation. According to an Apache advisory, the vulnerability lies in the “forced OGNL evaluation on raw user input in tag attributes”. This flaw is classified as CVE-2020-17530. A very similar flaw related to OGNL evaluation was addressed in August … Continue reading “Apache Struts OGNL Remote Code Execution Vulnerability (CVE-2020-17530)”
Apache Struts 2 Remote Code Execution Vulnerability (CVE-2019-0230, CVE-2019-0233)
Apache Struts Security Team has addressed two possible RCE bugs – CVE-2019-0230 and CVE-2019-0233 in their latest advisories published on August 13, 2020. Description Struts 2 is an open source coding framework for companies to create Java-based applications. The installations of Apache Struts 2, which are outdated, can be tentatively used to exploit CVE-2019-0230 as … Continue reading “Apache Struts 2 Remote Code Execution Vulnerability (CVE-2019-0230, CVE-2019-0233)”
Apache Struts 2 namespace Remote Code Execution Vulnerability: CVE-2018-11776
A remote code execution vulnerability was discovered in Apache Struts 2. The vulnerability in being tracked via CVE-2018-11776. Upon successful exploitation an attacker can gain remote execution on the target and ultimately take over the target machine. The issue affect all versions of Apache Struts 2, possibly even fixed versions where the settings are mis-configured. Apache has … Continue reading “Apache Struts 2 namespace Remote Code Execution Vulnerability: CVE-2018-11776”