OpenSymphony XWork Apache Struts2 漏洞列表

共找到 2 个与 OpenSymphony XWork Apache Struts2 相关的漏洞

📅 加载漏洞趋势中...

CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution S2-001 POC

日期: 2025-09-01 | 影响软件: OpenSymphony XWork Apache Struts2

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution POC

日期: 2025-08-01 | 影响软件: OpenSymphony XWork Apache Struts2

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.