apache struts 2.2.1 vulnerabilities and exploits

(subscribe to this query)

2.6

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an...

5.8

CVSSv2

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix....

Apache Struts 2.3.15 Apache Struts 2.3.14.3 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.4 Apache Struts 2.1.3 Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.10 Apache Struts 2.0.1 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.0 Apache Struts 2.0.9 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.0 Apache Struts 2.3.15.11 Article available

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...

9.3

CVSSv2

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....

Apache Struts 2.2.3.1 Apache Struts 2.3.4 Apache Struts 2.3.14.1 Apache Struts 2.0.8 Apache Struts 2.1.2 Apache Struts 2.0.14 Apache Struts 2.1.8.1 Apache Struts 2.2.1.1 Apache Struts 2.0.1 Apache Struts 2.0.3 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.2.1 Apache Struts 2.1.3 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.0.0 Apache Struts 2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.3 Apache Struts 2.0.11 Apache Struts 2.3.14.2 Apache Struts 2.0.6 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.2.3 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.5 Apache Struts 2.0.9 Apache Struts 2.0.11.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.1.1 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.3.1.1 Apache Struts 2.3.4.1 Apache Struts 2.3.81 EDB exploit available1 Metasploit module available46 Github repositories available

5

CVSSv2

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....

Ognl Project Ognl Apache Struts 2.0.0 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.3 Apache Struts 2.3.24 Apache Struts 2.3.24.11 Github repository available

6.8

CVSSv2

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.3 Apache Struts 2.0.0 Apache Struts 2.0.14 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.86 Github repositories available

5

CVSSv2

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression....

6.8

CVSSv2

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...

4.3

CVSSv2

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display....

Apache Struts 2.3.3 Apache Struts 2.3.24.1 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.14.3 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.7 Apache Struts 2.3.16.1 Apache Struts 2.3.16 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.2 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.10 Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.1.0 Apache Struts 2.1 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.1 Apache Struts 2.0.0 Apache Struts 2.3.20 Apache Struts 2.3.24 Apache Struts 2.3.16.3 Apache Struts 2.3.16.2 Apache Struts 2.3.14.2 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Beta Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1

9.3

CVSSv2

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions....

Apache Struts 2.3.28 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.3.24 Apache Struts 2.3.8 Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.2.1.1 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.3 Apache Struts 2.0.2 Apache Struts 2.0.10 Apache Struts 2.0.1 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.0 Apache Struts 2.3.20 Apache Struts 2.3.24.1 Apache Struts 2.3.20.1 Apache Struts 2.3.16.3 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.2.3.1 Apache Struts 2.2.3 Apache Struts 2.1.4 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.5 Apache Struts 2.0.4 Apache Struts 2.0.11.1 Apache Struts 2.0.11 Oracle Siebel E-billing 7.11 EDB exploit available1 Metasploit module available20 Github repositories available

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook