{"vulnerability": "CVE-2020-17530", "sightings": [{"uuid": "952a6dbb-b9eb-43e5-8fab-a4a375a7512e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "07a2ba59-da96-4faa-8258-6bb8438afe1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "fc75174f-7d87-4001-8410-7bd85072b8ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971152", "content": "", "creation_timestamp": "2024-12-24T20:25:00.977720Z"}, {"uuid": "5b4385ac-8acd-43be-aae2-b241bce4449a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "3813e96f-bbb6-448c-b52d-d2514cda3af3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:26.000000Z"}, {"uuid": "9fda5f6f-d5ae-41dd-b4d9-113cbcf9e679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": 
"seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:47.000000Z"}, {"uuid": "1a1f6958-0f12-4676-a224-c47377d21ded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts2_multi_eval_ognl.rb", "content": "", "creation_timestamp": "2020-12-23T17:47:29.000000Z"}, {"uuid": "c2782bf9-14c0-4aa0-abd0-2e2b40032bda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-17530", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/268dd1a9-a60c-4f31-8b33-9850e77114f8", "content": "", "creation_timestamp": "2026-02-02T12:28:35.585378Z"}, {"uuid": "6c8b977d-7980-4875-91e3-0d76362234db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "exploited", "source": "https://t.me/cKure/3504", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2020-17530: APACHE STRUCTS VULNERABILITY EXPLOITED IN THE WILD.\n\nhttps://securitynews.sonicwall.com/xmlpost/cve-2020-17530-apache-structs-vulnerability-exploited-in-the-wild/", "creation_timestamp": "2020-12-30T04:09:26.000000Z"}, {"uuid": "8b1d0ea0-7a65-45ee-91c6-5f37248bcbb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "published-proof-of-concept", "source": "https://t.me/infosec1z/47", "content": "\ud83d\udd30Top 10 vulnerabilities in 2020:\n\n 1. CVE-2020-12720: vBulletin SQL Injection (OWASP 1: Injection)\n\n 2. 
CVE-2020-5902: F5 BIG IP RCE and LFI (OWASP 1: Injection)\n\n\ud83c\udfa5 CVE PoC videos\n\nhttps://youtu.be/-ppzdYDk-ZM\n\nhttps://youtube.com/playlist?list=PLiVfOzljj-46iFcif16qMaPP84ZxCZ4Mb\n\n\n\n 3. CVE-2020-15506: MobileIron Core Authentication Bypass\n (OWASP 2: Broken Authentication)\n\n 4. CVE-2020-14882: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 5. CVE-2020-14750: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 6. CVE-2020-17530: Apache Struts 2 RCE (OWASP 1: Injection)\n\n\ud83c\udfa5 CVE PoC videos\n\nhttps://youtu.be/MUAAwijvAe8\n\n\n 7. CVE-2020-2551: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 8. CVE-2020-13379: Grafana SSRF\n (OWASP 3: Broken Access Control)\n\n 9. CVE-2020-1147: Microsoft SharePoint Server RCE\n (OWASP 1: Injection)\n\n 10. CVE-2020-8209: Citrix XenMobile Server Path Traversal\n (OWASP 3: Broken Access Control)\n\n\n\u2796\u2796 @infosec1z \u2796\u2796", "creation_timestamp": "2021-09-05T16:58:17.000000Z"}, 
{"uuid": "4b90624a-15cd-4935-8818-21368d524c37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/1044", "content": "\ud83d\udd30 Top vulnerabilities with POC\n\nCVE-2020-17530 | Apache Struts RCE\n\nhttps://youtu.be/MUAAwijvAe8\n\nSaltStack RCE | CVE-2020-16846\n\nhttps://youtu.be/5cV9wh2w-O8\n\nApache Unomi RCE | CVE-2020-13942\n\nhttps://youtu.be/iz6wjdGnpds\n\nGhostcat | CVE-2020-1938\n\nhttps://youtu.be/3TGIg1x4XwU\n\nOracle WebLogic RCE | CVE-2020-14882\n\nhttps://youtu.be/t-sxvcZNFZo\n\nApache Tomcat RCE | CVE-2020-9484\n\nhttps://youtu.be/nF8tfsY74ws\n\nMoodle RCE | CVE-2020-14321\n\nhttps://youtu.be/BkEInFI4oIU\n\nCisco CVE-2020-3452\n\nhttps://youtu.be/-UldKwwVgHE\n\nWordPress database plugin | CVE-2020-7048\n\nhttps://youtu.be/nj_dqcvrwp4\n\nCVE-2020-5902 F5 BIG IP\n\nhttps://youtu.be/-ppzdYDk-ZM\n\nMore CVE PoC videos\n\nhttps://youtube.com/playlist?list=PLiVfOzljj-46iFcif16qMaPP84ZxCZ4Mb\n\nAccess to the CVE lab: https://www.vulnmachines.com", "creation_timestamp": "2024-03-29T18:27:13.000000Z"}, 
{"uuid": "21ee63d1-11c8-47d5-8c93-f85404ccab57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "published-proof-of-concept", "source": "Telegram/k6hHUJVRmEVte2QfNLuU8-v67rBZSq4t8lJINPEEK3muAg", "content": "", "creation_timestamp": "2023-11-22T10:48:36.000000Z"}, {"uuid": "3c37c679-d38b-4a7c-a3b6-54c8b3ca47c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "published-proof-of-concept", "source": "Telegram/qBahjGhadtLT-XcqPwLzecmAwtnkL3Nh8hSmwnXHcFJUbBg", "content": "", "creation_timestamp": "2025-04-07T23:00:05.000000Z"}, 
{"uuid": "ba8e7550-d884-4e2d-9da0-384bf0053325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "exploited", "source": "https://t.me/true_secator/2850", "content": "Apache has finalized fixes for a critical RCE vulnerability in its popular Struts project, which was previously considered fixed but, as it turned out, not completely.\n\nThe critical vulnerability CVE-2021-31805 is present in Struts 2 versions from 2.0.0 through 2.5.29 inclusive and is the result of an incomplete fix that was applied for CVE-2020-17530, as well as an OGNL Injection bug rated 9.8. \n\nStruts is an open-source application development framework used by Java web developers to build model-view-controller (MVC) applications; in turn, the Object-Graph Navigation Language (OGNL) is an open-source expression language (EL) for Java.\n\nBack in 2020, researchers Alvaro Munoz of GitHub and Masato Anzai of Aeye Security Lab reported a vulnerability in Struts2 versions 2.0.0\u20132.5.25, exploitable under certain circumstances, which Apache fixed in Struts version 2.5.26. However, a little later researcher Chris McCown discovered that the fix was incomplete and notified the developer.\n\nUsers are advised to upgrade to Struts 2.5.30 or later, while avoiding forced OGNL evaluation in tag attributes based on untrusted user input. \n\nIn addition, Apache recommends following the security guide. After all, as we recall, CVE-2017-5638, an OGNL Injection in Struts 2, was previously used by attackers, including to deliver ransomware. It was this bug that in 2017 led to a serious incident with sad consequences at Equifax.", "creation_timestamp": "2022-04-14T16:45:03.000000Z"}, 
{"uuid": "f906eeef-1fca-4287-9fc4-e094cdbca7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "https://t.me/haccking/109544", "content": "#Training\nVulnerability CVE-2020-17530: Remote code execution in Apache Struts2", "creation_timestamp": "2022-03-18T20:43:54.000000Z"}, {"uuid": "4cbe196c-d376-4a29-a20e-e7aaf716753f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "https://t.me/haccking/7490", "content": "#Training\nVulnerability CVE-2020-17530: Remote code execution in Apache Struts2", "creation_timestamp": "2022-03-18T21:43:54.000000Z"}, 
{"uuid": "70424b4e-6ada-4186-b0f6-b786fdd6190d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "seen", "source": "https://t.me/VulnerabilityNews/27547", "content": "The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag\u2019s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.\nPublished at: April 12, 2022 at 06:15PM\nView on website", "creation_timestamp": "2022-04-12T20:42:05.000000Z"}, 
{"uuid": "958a9c08-cc70-4aa1-a8f8-4eafaf2e1c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-17530", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2274", "content": "#Threat_Research\n1. Windows SMB Information Disclosure Analysis (PoC)\nhttps://blogs.360.cn/post/CVE-2020-17140-Analysis.html\n2. Portable Data exFiltration: XSS for PDFs\nhttps://portswigger.net/research/portable-data-exfiltration\n3. Struts2 S2-061 Vulnerability Analysis (CVE-2020-17530)\nhttps://buaq.net/go-47936.html\n]-> PoC:\nhttps://github.com/ka1n4t/CVE-2020-17530", "creation_timestamp": "2020-12-31T18:33:03.000000Z"}]}