漏洞描述
Apache Struts是美国阿帕奇(Apache)软件基金会负责维护的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。Apache Struts 2是Apache Struts的下一代产品,是在Struts 1和WebWork的技术基础上进行了合并的全新Struts 2框架,其体系结构与Struts 1差别较大。
Apache Struts 'TextParseUtil.translateVariables()'远程代码执行漏洞(S2-027)
PoC代码
暂无相关漏洞推荐
- Apache Struts2 S2-067 /index.action 文件上传漏洞(CVE-2024-53677)
- Apache Struts2 2.0.0~2.2.3 S2-007 /user.action 命令执行漏洞(CVE-2012-0838)
- POC CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
- POC CVE-2012-0392: Apache Struts2 S2-008 RCE
- POC CVE-2012-0394: Apache Struts <2.3.1.1 - Remote Code Execution
- POC CVE-2013-1965: Apache Struts2 S2-012 RCE
- POC CVE-2013-2248: Apache Struts - Multiple Open Redirection Vulnerabilities
- POC CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
- POC CVE-2017-12611: Apache Struts2 S2-053 - Remote Code Execution
- POC CVE-2017-5638: Apache Struts 2 - Remote Command Execution
- POC CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution
- POC CVE-2017-9805: Apache Struts2 S2-052 - Remote Code Execution
- POC CVE-2018-11776: Apache Struts2 S2-057 - Remote Code Execution