Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts 2.2.1.1 vulnerabilities and exploits
(subscribe to this query)
940
VMScore
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
936
VMScore
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.3.28
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.3.24
Apache Struts 2.3.8
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1.1
Apache Struts 2.2.1
1 EDB exploit
2 Github repositories
936
VMScore
CVE-2013-2251
Apache Struts 2.0.0 up to and including 2.3.15 allows remote malicious users to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Apache Struts 2.2.3.1
Apache Struts 2.3.4
Apache Struts 2.3.14.1
Apache Struts 2.0.8
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.1.8.1
Apache Struts 2.2.1.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.0.11.1
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.0.0
Apache Struts 2.3.1
Apache Struts 2.3.7
1 EDB exploit
4 Github repositories
891
VMScore
CVE-2013-4316
Apache Struts 2.0.0 up to and including 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.0
Apache Struts 2.3.15.1
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15
Apache Struts 2.1.8.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.0.12
890
VMScore
CVE-2016-3082
XSLTResult in Apache Struts 2.x prior to 2.3.20.2, 2.3.24.x prior to 2.3.24.2, and 2.3.28.x prior to 2.3.28.1 allows remote malicious users to execute arbitrary code via the stylesheet location parameter.
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1
Apache Struts 2.1.8.1
Apache Struts 2.1.1
690
VMScore
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.10.1
Apache Struts 2.5.11
Apache Struts 2.1.2
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.20
1 EDB exploit
18 Github repositories
3 Articles
668
VMScore
CVE-2017-12611
In Apache Struts 2.0.0 up to and including 2.3.33 and 2.5 up to and including 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Apache Struts 2.0.3
Apache Struts 2.0.5
Apache Struts 2.0.11.1
Apache Struts 2.0.12
Apache Struts 2.1.4
Apache Struts 2.1.6
Apache Struts 2.2.3
Apache Struts 2.3.1
Apache Struts 2.3.6
Apache Struts 2.3.8
Apache Struts 2.3.14.1
Apache Struts 2.3.14.3
Apache Struts 2.3.16
Apache Struts 2.3.16.2
Apache Struts 2.3.17
Apache Struts 2.3.21
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
1 Github repository
1 Article
668
VMScore
CVE-2016-4436
Apache Struts 2 prior to 2.3.29 and 2.5.x prior to 2.5.1 allow malicious users to have unspecified impact via vectors related to improper action name clean up.
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.3.20.1
Apache Struts 2.3.20.3
Apache Struts 2.5
Apache Struts 2.3.15.2
Apache Struts 2.3.15
Apache Struts 2.3.8
Apache Struts 2.3.4.1
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.0
605
VMScore
CVE-2014-7809
Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.15.1
1 Github repository
605
VMScore
CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 up to and including 2.3.4 does not properly validate the token name configuration parameter, which allows remote malicious users to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter...
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.3.4
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.8
Apache Struts 2.0.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »