Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts 2.3.4 vulnerabilities and exploits
(subscribe to this query)
958
VMScore
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or...
Apache Struts
3 EDB exploits
44 Github repositories
3 Articles
936
VMScore
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.3.28
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.3.24
Apache Struts 2.3.8
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1.1
Apache Struts 2.2.1
1 EDB exploit
2 Github repositories
936
VMScore
CVE-2013-2251
Apache Struts 2.0.0 up to and including 2.3.15 allows remote malicious users to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Apache Struts 2.2.3.1
Apache Struts 2.3.4
Apache Struts 2.3.14.1
Apache Struts 2.0.8
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.1.8.1
Apache Struts 2.2.1.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.0.11.1
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.0.0
Apache Struts 2.3.1
Apache Struts 2.3.7
1 EDB exploit
4 Github repositories
891
VMScore
CVE-2013-4316
Apache Struts 2.0.0 up to and including 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.0
Apache Struts 2.3.15.1
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15
Apache Struts 2.1.8.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.0.12
890
VMScore
CVE-2016-3082
XSLTResult in Apache Struts 2.x prior to 2.3.20.2, 2.3.24.x prior to 2.3.24.2, and 2.3.28.x prior to 2.3.28.1 allows remote malicious users to execute arbitrary code via the stylesheet location parameter.
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1
Apache Struts 2.1.8.1
Apache Struts 2.1.1
762
VMScore
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.12
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.20
2 EDB exploits
8 Github repositories
1 Article
690
VMScore
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.10.1
Apache Struts 2.5.11
Apache Struts 2.1.2
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.20
1 EDB exploit
18 Github repositories
3 Articles
668
VMScore
CVE-2017-12611
In Apache Struts 2.0.0 up to and including 2.3.33 and 2.5 up to and including 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Apache Struts 2.0.3
Apache Struts 2.0.5
Apache Struts 2.0.11.1
Apache Struts 2.0.12
Apache Struts 2.1.4
Apache Struts 2.1.6
Apache Struts 2.2.3
Apache Struts 2.3.1
Apache Struts 2.3.6
Apache Struts 2.3.8
Apache Struts 2.3.14.1
Apache Struts 2.3.14.3
Apache Struts 2.3.16
Apache Struts 2.3.16.2
Apache Struts 2.3.17
Apache Struts 2.3.21
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
1 Github repository
1 Article
668
VMScore
CVE-2016-4436
Apache Struts 2 prior to 2.3.29 and 2.5.x prior to 2.5.1 allow malicious users to have unspecified impact via vectors related to improper action name clean up.
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.3.20.1
Apache Struts 2.3.20.3
Apache Struts 2.5
Apache Struts 2.3.15.2
Apache Struts 2.3.15
Apache Struts 2.3.8
Apache Struts 2.3.4.1
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.0
605
VMScore
CVE-2014-7809
Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.15.1
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »