apache struts 2.0.14 vulnerabilities and exploits

(subscribe to this query)

NA

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to...

Apache Struts 2.0.14 Apache Struts 2.2.31 EDB exploit available

NA

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...

Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.3 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Apache Struts 2.0.5 Apache Struts 2.0.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.7 Apache Struts 2.0.11 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.0 Apache Struts 2.0.6 Apache Struts 2.0.4 Apache Struts 2.0.12 Apache Struts 2.1.6 Apache Struts 2.1.8 Apache Struts 2.1.8.12 EDB exploits available1 Metasploit module available8 Github repositories available2 Articles available

NA

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...

NA

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an...

NA

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression....

NA

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....

Apache Struts 2.2.3.1 Apache Struts 2.3.4 Apache Struts 2.3.14.1 Apache Struts 2.0.8 Apache Struts 2.1.2 Apache Struts 2.0.14 Apache Struts 2.1.8.1 Apache Struts 2.2.1.1 Apache Struts 2.0.1 Apache Struts 2.0.3 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.2.1 Apache Struts 2.1.3 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.0.0 Apache Struts 2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.3 Apache Struts 2.0.11 Apache Struts 2.3.14.2 Apache Struts 2.0.6 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.2.3 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.5 Apache Struts 2.0.9 Apache Struts 2.0.11.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.1.1 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.3.1.1 Apache Struts 2.3.4.1 Apache Struts 2.3.81 EDB exploit available1 Metasploit module available40 Github repositories available

NA

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix....

Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.1.4 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.3.1.1 Apache Struts 2.0.0 Apache Struts 2.3.8 Apache Struts 2.0.11 Apache Struts 2.0.9 Apache Struts 2.0.6 Apache Struts 2.1.5 Apache Struts 2.0.12 Apache Struts 2.1.6 Apache Struts 2.0.4 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.0.5 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.3.1.2 Apache Struts 2.2.3.1 Apache Struts 2.3.15 Apache Struts 2.3.14.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1 Apache Struts 2.0.1 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.0.8 Apache Struts 2.3.14.2 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.0.3 Apache Struts 2.0.21 EDB exploit available1 Github repository available

NA

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...

NA

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix....

Apache Struts 2.3.15 Apache Struts 2.3.14.3 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.4 Apache Struts 2.1.3 Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.10 Apache Struts 2.0.1 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.0 Apache Struts 2.0.9 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.0 Apache Struts 2.3.15.11 Article available

5.3

CVSSv3

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....

Ognl Project Ognl Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.1.6 Apache Struts 2.3.24.1 Apache Struts 2.3.24 Apache Struts 2.3.16 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.12 Apache Struts 2.3.8 Apache Struts 2.2.3.1 Apache Struts 2.2.3 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.11.1 Apache Struts 2.0.11 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.3.20.3 Apache Struts 2.3.20.1 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.2.1.1 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.10 Apache Struts 2.0.9 Apache Struts 2.0.2 Apache Struts 2.0.1 Apache Struts 2.3.20 Apache Struts 2.3.16.3 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.3.4 Apache Struts 2.3.1.2 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.01 Github repository available

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook