Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts prior to 1.2.9 with BeanUtils 1.7 allows remote malicious users to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which prov...
Apache Struts 1.2.7
Apache Struts
1 Github repository
NA
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to st...
Apache Struts 2.0.14
Apache Struts 2.2.3
1 EDB exploit
10
CVSSv3
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
144 Github repositories
15 Articles
NA
CVE-2006-1546
Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications ...
Apache Struts
1 Github repository
NA
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
NA
CVE-2012-0392
The CookieInterceptor component in Apache Struts prior to 2.3.1.1 does not use the parameter-name whitelist, which allows remote malicious users to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Apache Struts
1 EDB exploit
NA
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Apache Struts
2 EDB exploits
NA
CVE-2013-1966
Apache Struts 2 prior to 2.3.14.2 allows remote malicious users to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
Apache Struts
1 EDB exploit
8.1
CVSSv3
CVE-2013-2115
Apache Struts 2 prior to 2.3.14.2 allows remote malicious users to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
Apache Struts
1 EDB exploit
NA
CVE-2013-2135
Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
Apache Struts
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »