cvelistv5 - CVE-2010-1870

CVE-2010-1870

Vulnerability from cvelistv5

Published

2010-08-17 17:31

Modified

2024-08-07 01:35

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
cve@mitre.org	http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16	Vendor Advisory
cve@mitre.org	http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
cve@mitre.org	http://seclists.org/fulldisclosure/2010/Jul/183
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Oct/23
cve@mitre.org	http://secunia.com/advisories/59110
cve@mitre.org	http://securityreason.com/securityalert/8345
cve@mitre.org	http://struts.apache.org/2.2.1/docs/s2-005.html
cve@mitre.org	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
cve@mitre.org	http://www.exploit-db.com/exploits/14360	Exploit
cve@mitre.org	http://www.osvdb.org/66280
cve@mitre.org	http://www.securityfocus.com/bid/41592
af854a3a-2127-422b-91ae-364da2661108	http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
af854a3a-2127-422b-91ae-364da2661108	http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2010/Jul/183
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Oct/23
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59110
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8345
af854a3a-2127-422b-91ae-364da2661108	http://struts.apache.org/2.2.1/docs/s2-005.html
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/14360	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/66280
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/41592

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
          },
          {
            "name": "14360",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14360"
          },
          {
            "name": "41592",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41592"
          },
          {
            "name": "66280",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/66280"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "name": "59110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59110"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
          },
          {
            "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
          },
          {
            "name": "8345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8345"
          },
          {
            "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:06:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
        },
        {
          "name": "14360",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14360"
        },
        {
          "name": "41592",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41592"
        },
        {
          "name": "66280",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/66280"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
        },
        {
          "name": "59110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59110"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
        },
        {
          "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
        },
        {
          "name": "8345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8345"
        },
        {
          "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
              "refsource": "CONFIRM",
              "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
            },
            {
              "name": "14360",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14360"
            },
            {
              "name": "41592",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41592"
            },
            {
              "name": "66280",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/66280"
            },
            {
              "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
              "refsource": "CONFIRM",
              "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
            },
            {
              "name": "59110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59110"
            },
            {
              "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
              "refsource": "MISC",
              "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
            },
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
            },
            {
              "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
            },
            {
              "name": "8345",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8345"
            },
            {
              "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
            },
            {
              "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1870",
    "datePublished": "2010-08-17T17:31:00",
    "dateReserved": "2010-05-10T00:00:00",
    "dateUpdated": "2024-08-07T01:35:53.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1870\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-17T20:00:03.407\",\"lastModified\":\"2024-11-21T01:15:21.907\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \\\"#\\\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.\"},{\"lang\":\"es\",\"value\":\"La capacidad OGNL extensive expression evaluation en XWork de Struts v2.0.0 hasta v2.1.8.1, como el usado en Atlassian Fisheye, Crucible,y posiblemente otros productos, usa una lista blanca permisiva, la cual permite a atacantes remotos modificar los objetos del contexto del lado del servidor y evitar el mecanismo de protecci\u00f3n \\\"#\\\" en ParameterInterceptors a trav\u00e9s de (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, y posiblemente otras variables de contexto OGNL, una vulnerabilidad diferente de CVE-2008-6504.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CF11DCF-6F6E-4E18-988E-E43918FBB8A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE3A90B7-C632-4D3E-9A4F-21E46D273B42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"386538BE-F258-4870-8E11-750ADA228026\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CF15B9-3714-4206-9971-1F7D59E20483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFA32D87-65C7-4589-86B7-500BE3203CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C3FB11-4E24-4067-A3A9-021F849DAAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCF2D72-90F1-4D1B-94A2-5BB3D8C086C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"661F1610-9FCD-4FC1-BCA1-69C58E0A1389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C89E22-B106-4EAB-90A1-0EA86C165737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E1BABB2-780E-47E0-87A9-A164906C8421\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC32348E-7EF4-411C-9A44-CD041ABFA0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94BD452B-AE41-4F7A-9DB9-4B1039582537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDC53B-7B8E-4333-BC87-E01024EC9C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F0818E7-B617-4C30-BFAC-9FE2F375F8BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F4A58E-F3D4-4711-A37E-EA538B112371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFFCC96F-FD87-4495-B8A5-19D7898D5662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA0424E-84B4-41BD-8E6C-93E2A77DD6CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEC53AE5-3640-4FE1-B0B1-EA26C5B9EB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"662A2E4B-A76A-4498-98A6-F90DF65C62B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E720B3A-4CFB-47FE-B80C-67C59D4C7FD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA687B56-A09B-4741-84F1-2BD9569A3F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC0E358-8B4D-480B-BFAE-966CB697310A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7E8E1C-C667-4AED-86A5-2BD0C62AAD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B3348C-1086-4A16-97E3-52DB65FF860A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C65711D-9C5B-4644-A12D-82243CB6FB1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1FA9A7-2C8E-4651-9400-190198528642\"}]}]}],\"references\":[{\"url\":\"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2010/Jul/183\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Oct/23\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/59110\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/8345\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://struts.apache.org/2.2.1/docs/s2-005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/14360\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/66280\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/41592\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2010/Jul/183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Oct/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://struts.apache.org/2.2.1/docs/s2-005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/14360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/66280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/41592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. Used for multiple products Apache Struts of XWork In OGNL For the expression evaluation of "#" ParameterInterceptors A vulnerability exists that bypasses the protection mechanism. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. This issue is related to the vulnerability documented in BID 32101 (XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.

Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ----------------------------------------------------------------------

Passionate about writing secure code?

http://secunia.com/company/jobs/open_positions/talented_programmer

Read this if your favourite tool is a disassembler

http://secunia.com/company/jobs/open_positions/reverse_engineer

TITLE: XWork "ParameterInterceptor" Security Bypass Vulnerability

SECUNIA ADVISORY ID: SA40558

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40558

RELEASE DATE: 2010-07-13

DISCUSS ADVISORY: http://secunia.com/advisories/40558/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/40558/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=40558

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in XWork, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the "ParameterInterceptor" class improperly restricting access to server-side objects. This can be exploited to modify server-side objects and e.g.

This is related to: SA32495

SOLUTION: Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY: Meder Kydyraliev, Google Security Team

ORIGINAL ADVISORY: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0005 Synopsis: VMware vCenter Orchestrator remote code execution vulnerability Issue date: 2011-03-14 Updated on: 2011-03-14 (initial release of advisory) CVE numbers: CVE-2010-1870

Summary

A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.

Relevant releases

VMware vCenter Orchestrator 4.1 VMware vCenter Orchestrator 4.0

Problem Description

VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component.

The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1870 to this vulnerability.

VMware would like to thank the Vulnerability Research Team of Digital Defense, Inc. for reporting this issue to us.

Apache Struts version 2.0.11 and earlier also contain vulnerabilities which have not been assigned CVE names. This advisory also addresses these vulnerabilities described at the following URLs:
- http://struts.apache.org/2.2.1/docs/s2-002.html
- http://struts.apache.org/2.2.1/docs/s2-003.html
- http://struts.apache.org/2.2.1/docs/s2-004.html
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCO 4.1 Windows vCO fix for Apache Struts * vCO 4.0 Windows vCO fix for Apache Struts *
- Refer to VMware Knowledge Base article 1034175 for a workaround.
Solution

Vmware vCenter Orchestrator

vCenter Orchestrator workaround for Apache Struts http://kb.vmware.com/kb/1034175
References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870

Change log

2011-03-14 VMSA-2011-0005 Initial security advisory in conjunction with the release of an Apache Struts workaround for VMware vCenter Orchestrator on 2011-03-14.

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8

wj8DBQFNfoXpS2KysvBH1xkRAiuiAJ9nyIgRIEiD4kYI7ZODRu/m0iJOQgCeIbKD J0gV3DRUWD3NMkMKC/ysvZE= =8K7w -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

For more information: SA40558

SOLUTION: Update to FishEye 2.3.3 and Crucible 2.3.3 or apply patches.

For more information: SA40558

SOLUTION: Fixed in the SVN repository. Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability

References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp

Release Date:

=============

2020-10-20

Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to easily engage your subscribers with targeted, intelligence-based opt-in campaigns. It offers easy tracking, reporting and list segmentation in a complete email marketing and analytics package.

Vulnerability Information:

==============================

Class: CWE-917 : Expression Language (EL) Injection

Impact: Remote Code Execution

Remotely Exploitable: Yes

Locally Exploitable: Yes

CVE Name: CVE-2010-1870

Vulnerability Description:

==============================

A unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

Vulnerability Disclosure Timeline:

==================================

2020-10-12: Contact Vendor and Request Security Contact Info From Support Team

2020-10-12: Report Vulnerability Information to Vendor

2020-10-12: Vendor Confirms Submission

2020-10-13: Vendor Releases Patch

2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates CVE-2010-1870 but suggest upgrading vulnerable struts library

2020-10-15: Vendor Approves Public Disclosure

Affected Product(s):

====================

LISTSERV Maestro 9.0-8 and prior

Severity Level:

===============

High

Proof of Concept (PoC):

=======================

A proof of concept will not be provided at this time.

Solution - Fix & Patch:

=======================

Temporary patch: https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip

Security Risk:

==============

The security risk of this remote code execution vulnerability is estimated as high. (CVSS 10.0)

Credits & Authors:

==================

Securifera, Inc - b0yd (@rwincey)

Disclaimer & Information:

=========================

The information provided in this advisory is provided as it is without any warranty. Securifera disclaims all

warranties, either expressed or implied,

including the warranties of merchantability and capability for a particular purpose. Securifera is not liable in any

case of damage,

including direct, indirect, incidental, consequential loss of business profits or special damages, even if Securifera

or its suppliers have been advised

of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential

or incidental damages so the foregoing

limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, or hack into any

systems.

Domains: www.securifera.com

Contact: contact [at] securifera [dot] com

Social: twitter.com/securifera

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0298",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.0 to  2.1.8.1"
      },
      {
        "model": "alive enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "7.2"
      },
      {
        "model": "vcenter orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0 (windows)"
      },
      {
        "model": "vcenter orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1 (windows)"
      },
      {
        "model": "business edition 3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "identity services engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "media experience engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3500"
      },
      {
        "model": "unified contact center enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vcenter orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "vcenter orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.1.5"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.1"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.6"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.5"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.4"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.3"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.2"
      },
      {
        "model": "xwork",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opensymphony",
        "version": "2.0.1"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fisheye",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.3.4"
      },
      {
        "model": "fisheye",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.2.3"
      },
      {
        "model": "crucible",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.3.2"
      },
      {
        "model": "crucible",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.2.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "software foundation archiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.4"
      },
      {
        "model": "software foundation archiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.3"
      },
      {
        "model": "software foundation archiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.1"
      },
      {
        "model": "software foundation archiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3.5"
      },
      {
        "model": "software foundation archiva",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "1.3"
      },
      {
        "model": "media experience engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56001.0"
      },
      {
        "model": "fisheye",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.3.1"
      },
      {
        "model": "crucible",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "atlassian",
        "version": "2.3.3"
      },
      {
        "model": "software foundation struts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "41592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:struts",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:alive_enterprise",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:vcenter_orchestrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:business_edition_3000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:identity_services_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:media_experience_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:cisco:unified_contact_center_enterprise",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "b0yd",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2010-1870",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2010-1870",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-1870",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-1870",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-173",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-1870",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. Used for multiple products Apache Struts of XWork In OGNL For the expression evaluation of \"#\" ParameterInterceptors A vulnerability exists that bypasses the protection mechanism. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAttackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. \nThis issue is related to the vulnerability documented in BID 32101 (XWork \u0027ParameterInterceptor\u0027 Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. \n\nCisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options. \n\nCisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ----------------------------------------------------------------------\n\n\nPassionate about writing secure code?\n\nhttp://secunia.com/company/jobs/open_positions/talented_programmer\n\n\nRead this if your favourite tool is a disassembler\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nXWork \"ParameterInterceptor\" Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40558\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40558/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558\n\nRELEASE DATE:\n2010-07-13\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40558/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40558/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in XWork, which can be exploited by\nmalicious people to bypass certain security restrictions. \n\nThe vulnerability is caused due to the \"ParameterInterceptor\" class\nimproperly restricting access to server-side objects. This can be\nexploited to modify server-side objects and e.g. \n\nThis is related to:\nSA32495\n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nMeder Kydyraliev, Google Security Team\n\nORIGINAL ADVISORY:\nhttp://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0005\nSynopsis:          VMware vCenter Orchestrator remote code execution\n                   vulnerability\nIssue date:        2011-03-14\nUpdated on:        2011-03-14 (initial release of advisory)\nCVE numbers:       CVE-2010-1870\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   A vulnerability in VMware vCenter Orchestrator(vCO) could allow\n   remote execution. \n\n2. Relevant releases\n\n   VMware vCenter Orchestrator 4.1\n   VMware vCenter Orchestrator 4.0\n\n3. Problem Description\n\n    VMware vCenter Orchestrator is an application to automate\n    management tasks. It embeds Apache Struts (version 2.0.11) which is\n    a third party component. \n\n    The following vulnerability has been reported in Apache Struts\n    2.0.11 or earlier. A remote execution of code vulnerability could\n    allow malicious users to bypass the \u0027#\u0027-usage protection built into\n    the ParametersInterceptor, which could allow server side context\n    objects to be manipulated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1870 to this vulnerability. \n\n    VMware would like to thank the Vulnerability Research Team of\n    Digital Defense, Inc. for reporting this issue to us. \n\n    Apache Struts version 2.0.11 and earlier also contain\n    vulnerabilities which have not been assigned CVE names.  This\n    advisory also addresses these vulnerabilities described at the\n    following URLs:\n\n    * http://struts.apache.org/2.2.1/docs/s2-002.html\n    * http://struts.apache.org/2.2.1/docs/s2-003.html\n    * http://struts.apache.org/2.2.1/docs/s2-004.html\n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCO            4.1       Windows  vCO fix for Apache Struts *\n    vCO            4.0       Windows  vCO fix for Apache Struts *\n\n    * Refer to VMware Knowledge Base article 1034175 for a workaround. \n\n4. Solution\n\n    Vmware vCenter Orchestrator\n    ---------------------------\n    vCenter Orchestrator workaround for Apache Struts\n    http://kb.vmware.com/kb/1034175\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-03-14  VMSA-2011-0005\nInitial security advisory in conjunction with the release of an Apache\nStruts workaround for VMware vCenter Orchestrator on 2011-03-14. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.8.3 (Build 4028)\nCharset: utf-8\n\nwj8DBQFNfoXpS2KysvBH1xkRAiuiAJ9nyIgRIEiD4kYI7ZODRu/m0iJOQgCeIbKD\nJ0gV3DRUWD3NMkMKC/ysvZE=\n=8K7w\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA40558\n\nSOLUTION:\nUpdate to FishEye 2.3.3 and Crucible 2.3.3 or apply patches. \n\nFor more information:\nSA40558\n\nSOLUTION:\nFixed in the SVN repository. Document Title:\n\n===============\n\nLISTSERV Maestro Remote Code Execution Vulnerability\n\n \n\nReferences (Source):\n\n====================\n\nhttps://www.securifera.com/advisories/sec-2020-0001/\n\nhttps://www.lsoft.com/products/maestro.asp\n\n \n\nRelease Date:\n\n=============\n\n2020-10-20\n\n \n\nProduct \u0026 Service Introduction:\n\n===============================\n\nLISTSERV Maestro is an enterprise email marketing solution and allows you to\neasily engage your subscribers with targeted, intelligence-based opt-in\ncampaigns. It offers easy tracking, reporting and list segmentation in a\ncomplete email marketing and analytics package. \n\n \n\n \n\nVulnerability Information:\n\n==============================\n\nClass: CWE-917 : Expression Language (EL) Injection\n\nImpact: Remote Code Execution\n\nRemotely Exploitable: Yes\n\nLocally Exploitable: Yes\n\nCVE Name: CVE-2010-1870\n\n \n\nVulnerability Description:\n\n==============================\n\nA unauthenticated remote code execution vulnerability was found in the\nLISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems\nfrom a known issue in struts, CVE-2010-1870, that allows for code execution\nvia OGNL Injection. This vulnerability has been confirmed to be exploitable\nin both the Windows and Linux version of the software and has existed in the\nLISTSERV Maestro software since at least version 8.1-5.  As a result, a\nspecially crafted HTTP request can be constructed that executes code in the\ncontext of the web application. Exploitation of this vulnerability does not\nrequire authentication and can lead to root level privilege on any system\nrunning the LISTServ Maestro services. \n\n \n\nVulnerability Disclosure Timeline:\n\n==================================\n\n2020-10-12: Contact Vendor and Request Security Contact Info From Support\nTeam\n\n2020-10-12: Report Vulnerability Information to Vendor\n\n2020-10-12: Vendor Confirms Submission\n\n2020-10-13: Vendor Releases Patch\n\n2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates\nCVE-2010-1870 but suggest upgrading vulnerable struts library\n\n2020-10-15: Vendor Approves Public Disclosure\n\n \n\n \n\nAffected Product(s):\n\n====================\n\nLISTSERV Maestro 9.0-8 and prior\n\n \n\nSeverity Level:\n\n===============\n\nHigh\n\n \n\nProof of Concept (PoC):\n\n=======================\n\nA proof of concept will not be provided at this time. \n\n \n\nSolution - Fix \u0026 Patch:\n\n=======================\n\nTemporary patch:\nhttps://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip\n\n \n\nSecurity Risk:\n\n==============\n\nThe security risk of this remote code execution vulnerability is estimated\nas high. (CVSS 10.0)\n\n \n\nCredits \u0026 Authors:\n\n==================\n\nSecurifera, Inc - b0yd (@rwincey)\n\n \n\nDisclaimer \u0026 Information:\n\n=========================\n\nThe information provided in this advisory is provided as it is without any\nwarranty. Securifera disclaims all \n\nwarranties, either expressed or implied, \n\nincluding the warranties of merchantability and capability for a particular\npurpose. Securifera is not liable in any \n\ncase of damage, \n\nincluding direct, indirect, incidental, consequential loss of business\nprofits or special damages, even if Securifera \n\nor its suppliers have been advised \n\nof the possibility of such damages. Some states do not allow the exclusion\nor limitation of liability for consequential \n\nor incidental damages so the foregoing \n\nlimitation may not apply. We do not approve or encourage anybody to break\nany licenses, policies, or hack into any \n\nsystems. \n\n \n\nDomains: www.securifera.com\n\nContact: contact [at] securifera [dot] com\n\nSocial: twitter.com/securifera\n\n \n\nCopyright C 2020 | Securifera, Inc\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "BID",
        "id": "41592"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "db": "PACKETSTORM",
        "id": "91733"
      },
      {
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "db": "PACKETSTORM",
        "id": "91735"
      },
      {
        "db": "PACKETSTORM",
        "id": "91732"
      },
      {
        "db": "PACKETSTORM",
        "id": "159643"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=14360",
        "trust": 0.2,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1870",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "41592",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "66280",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "159643",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "59110",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "14360",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "8345",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "40558",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "40576",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "40575",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1870",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127408",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91733",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99317",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91735",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91732",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "BID",
        "id": "41592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "db": "PACKETSTORM",
        "id": "91733"
      },
      {
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "db": "PACKETSTORM",
        "id": "91735"
      },
      {
        "db": "PACKETSTORM",
        "id": "91732"
      },
      {
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "id": "VAR-201008-0298",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.29166666
  },
  "last_update_date": "2024-11-23T23:10:10.268000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2010-1870: Struts2 remote commands execution",
        "trust": 0.8,
        "url": "http://archiva.apache.org/security.html"
      },
      {
        "title": "S2-005",
        "trust": 0.8,
        "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
      },
      {
        "title": "cisco-sa-20140709-struts2",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
      },
      {
        "title": "VMSA-2011-0005",
        "trust": 0.8,
        "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0005.html"
      },
      {
        "title": "cisco-sa-20140709-struts2",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122766_cisco-sa-20140709-struts2-j.html"
      },
      {
        "title": "struts2-2.2.1-lib",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40173"
      },
      {
        "title": "struts2-2.2.1-apps",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40172"
      },
      {
        "title": "struts2-2.2.1-all",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40171"
      },
      {
        "title": "struts2-2.2.1-src",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40175"
      },
      {
        "title": "struts2-2.2.1-docs",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40174"
      },
      {
        "title": "Cisco: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20140709-struts2"
      },
      {
        "title": "VMware Security Advisories: VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=491bec6555e9512a68aa300b151531ed"
      },
      {
        "title": "Struts2_Bugs",
        "trust": 0.1,
        "url": "https://github.com/fupinglee/Struts2_Bugs "
      },
      {
        "title": "vulmap",
        "trust": 0.1,
        "url": "https://github.com/zhzyker/vulmap "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2014/07/14/apache_patch_cisco_catches_up_with_ancient_struts2_vuln/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/41592"
      },
      {
        "trust": 2.3,
        "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/159643/listserv-maestro-9.0-8-remote-code-execution.html"
      },
      {
        "trust": 2.1,
        "url": "http://confluence.atlassian.com/display/fisheye/fisheye+security+advisory+2010-06-16"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2020/oct/23"
      },
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140709-struts2"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2010/jul/183"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59110"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/8345"
      },
      {
        "trust": 1.7,
        "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/14360"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/66280"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1870"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1870"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/66280"
      },
      {
        "trust": 0.4,
        "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=956389"
      },
      {
        "trust": 0.3,
        "url": "http://www.opensymphony.com/xwork/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1870"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/company/jobs/open_positions/talented_programmer"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/struts-cve-2010-1870"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=21731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/14360/"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/multi/http/struts_code_exec"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40558"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40558/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40558/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1034175"
      },
      {
        "trust": 0.1,
        "url": "http://struts.apache.org/2.2.1/docs/s2-003.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://struts.apache.org/2.2.1/docs/s2-002.html"
      },
      {
        "trust": 0.1,
        "url": "http://struts.apache.org/2.2.1/docs/s2-004.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40576/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40576"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40576/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40575/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/40575/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40575"
      },
      {
        "trust": 0.1,
        "url": "https://dropbox.lsoft.us/download/lma9.0-8-patch-2020-10-13.zip"
      },
      {
        "trust": 0.1,
        "url": "https://www.lsoft.com/products/maestro.asp"
      },
      {
        "trust": 0.1,
        "url": "https://www.securifera.com/advisories/sec-2020-0001/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "BID",
        "id": "41592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "db": "PACKETSTORM",
        "id": "91733"
      },
      {
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "db": "PACKETSTORM",
        "id": "91735"
      },
      {
        "db": "PACKETSTORM",
        "id": "91732"
      },
      {
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "db": "BID",
        "id": "41592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "db": "PACKETSTORM",
        "id": "91733"
      },
      {
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "db": "PACKETSTORM",
        "id": "91735"
      },
      {
        "db": "PACKETSTORM",
        "id": "91732"
      },
      {
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "date": "2010-07-13T00:00:00",
        "db": "BID",
        "id": "41592"
      },
      {
        "date": "2011-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "date": "2014-07-09T17:20:53",
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "date": "2010-07-13T05:27:52",
        "db": "PACKETSTORM",
        "id": "91733"
      },
      {
        "date": "2011-03-15T01:37:07",
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "date": "2010-07-13T05:27:58",
        "db": "PACKETSTORM",
        "id": "91735"
      },
      {
        "date": "2010-07-13T05:27:50",
        "db": "PACKETSTORM",
        "id": "91732"
      },
      {
        "date": "2020-10-20T20:17:41",
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "date": "2010-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "date": "2010-08-17T20:00:03.407000",
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1870"
      },
      {
        "date": "2014-09-01T01:23:00",
        "db": "BID",
        "id": "41592"
      },
      {
        "date": "2015-08-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      },
      {
        "date": "2020-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      },
      {
        "date": "2024-11-21T01:15:21.907000",
        "db": "NVD",
        "id": "CVE-2010-1870"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127408"
      },
      {
        "db": "PACKETSTORM",
        "id": "99317"
      },
      {
        "db": "PACKETSTORM",
        "id": "159643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts of  XWork Vulnerabilities that bypass object protection mechanisms",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002831"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-173"
      }
    ],
    "trust": 0.6
  }
}

ghsa-x5fc-pgpx-59j5

Vulnerability from github

Published

2022-05-13 01:14

Modified

2023-08-17 16:14

Summary

Server side object manipulation in Apache Struts

Details

OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in S2-003, but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-1870"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-03T19:11:38Z",
    "nvd_published_at": "2010-08-17T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the \u0027#\u0027-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in [S2-003](https://cwiki.apache.org/confluence/display/WW/S2-003), but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.",
  "id": "GHSA-x5fc-pgpx-59j5",
  "modified": "2023-08-17T16:14:30Z",
  "published": "2022-05-13T01:14:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1870"
    },
    {
      "type": "WEB",
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-003"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
    },
    {
      "type": "WEB",
      "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
    },
    {
      "type": "WEB",
      "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Server side object manipulation in Apache Struts"
}

gsd-2010-1870

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-1870

Aliases

CVE-2010-1870

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1870",
    "description": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
    "id": "GSD-2010-1870",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-1870.html",
      "https://packetstormsecurity.com/files/cve/CVE-2010-1870"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1870"
      ],
      "details": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
      "id": "GSD-2010-1870",
      "modified": "2023-12-13T01:21:32.084221Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-1870",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
            "refsource": "CONFIRM",
            "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
          },
          {
            "name": "14360",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/14360"
          },
          {
            "name": "41592",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/41592"
          },
          {
            "name": "66280",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/66280"
          },
          {
            "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
            "refsource": "CONFIRM",
            "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
          },
          {
            "name": "59110",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59110"
          },
          {
            "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
            "refsource": "MISC",
            "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
          },
          {
            "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
          },
          {
            "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
          },
          {
            "name": "8345",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8345"
          },
          {
            "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
          },
          {
            "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2-alpha0,2.1.8.1]",
          "affected_versions": "All versions starting from 2-alpha0 up to 2.1.8.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2014-07-24",
          "description": "The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
          "fixed_versions": [
            "2.2.1"
          ],
          "identifier": "CVE-2010-1870",
          "identifiers": [
            "CVE-2010-1870"
          ],
          "not_impacted": "All versions before 2-alpha0, all versions after 2.1.8.1",
          "package_slug": "maven/org.apache.struts/struts2-core",
          "pubdate": "2010-08-17",
          "solution": "Upgrade to version 2.2.1 or above.",
          "title": "XWork ParameterInterceptors bypass allows remote command execution",
          "urls": [
            "http://struts.apache.org/docs/s2-005.html"
          ],
          "uuid": "1a9f6efb-96d6-4ca8-97f7-8aa353dd20d5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1870"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14360",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/14360"
            },
            {
              "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"
            },
            {
              "name": "http://struts.apache.org/2.2.1/docs/s2-005.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://struts.apache.org/2.2.1/docs/s2-005.html"
            },
            {
              "name": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"
            },
            {
              "name": "41592",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/41592"
            },
            {
              "name": "20100713 CVE-2010-1870: Struts2 remote commands execution",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2010/Jul/183"
            },
            {
              "name": "66280",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/66280"
            },
            {
              "name": "8345",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8345"
            },
            {
              "name": "59110",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59110"
            },
            {
              "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
            },
            {
              "name": "20201020 LISTSERV Maestro Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2020/Oct/23"
            },
            {
              "name": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-10-20T22:15Z",
      "publishedDate": "2010-08-17T20:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-1870

Vulnerability from cvelistv5

var-201008-0298

Vulnerability from variot

Vmware vCenter Orchestrator

ghsa-x5fc-pgpx-59j5

Vulnerability from github

gsd-2010-1870

Vulnerability from gsd

Tags

Sightings

Nomenclature