apache struts 2.3.15.3 vulnerabilities and exploits
NA
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/....
Apache Struts 2.3.15.3
9.8
CVSSv3
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage....
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.12
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.20
Apache Struts 2.3.20.1
Apache Struts 2.3.20.3
Apache Struts 2.3.24
Apache Struts 2.3.24.1
Apache Struts 2.3.24.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.3.30
Apache Struts 2.3.31
Apache Struts 2.3.32
2 EDB exploits available
1 Metasploit module available
46 Github repositories available
4 Articles available
9.8
CVSSv3
CVE-2016-3082
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter....
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1
Apache Struts 2.1.8.1
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.14
Apache Struts 2.0.1
Apache Struts 2.0.0
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.3
Apache Struts 2.3.28
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.3.24
Apache Struts 2.3.24.1
Apache Struts 2.3.16.3
Apache Struts 2.3.16.2
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.11
Apache Struts 2.0.10
5.3
CVSSv3
CVE-2016-3093
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.1.3
Apache Struts 2.1.4
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.2.3.1
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.12
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.20
Apache Struts 2.3.20.1
Apache Struts 2.3.20.3
Apache Struts 2.3.24
Apache Struts 2.3.24.1
1 Github repository available
NA
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism....
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.1.3
Apache Struts 2.1.4
Apache Struts 2.2.3.1
Apache Struts 2.3.1
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.16.3
Apache Struts 2.3.3
Apache Struts 2.0.0
Apache Struts 2.0.14
Apache Struts 2.0.2
Apache Struts 2.0.9
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.2.1
Apache Struts 2.3.12
Apache Struts 2.3.14
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.8
6 Github repositories available
6.1
CVSSv3
CVE-2016-2162
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display....
Apache Struts 2.3.3
Apache Struts 2.3.24.1
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.2.1
Apache Struts 2.1.8.1
Apache Struts 2.1.2
Apache Struts 2.1.1
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.11
Apache Struts 2.0.10
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.0
Apache Struts 2.1
Apache Struts 2.0.2
Apache Struts 2.0.14
Apache Struts 2.0.1
Apache Struts 2.0.0
Apache Struts 2.3.20
Apache Struts 2.3.24
Apache Struts 2.3.16.3
Apache Struts 2.3.16.2
Apache Struts 2.3.14.2
Apache Struts 2.3.14.1
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.1.3
Apache Struts 2.1.2 Beta
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
8.1
CVSSv3
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions....
Apache Struts 2.3.28
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.3.24
Apache Struts 2.3.8
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1.1
Apache Struts 2.2.1
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.10
Apache Struts 2.0.1
Apache Struts 2.3.7
Apache Struts 2.3.4.1
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.1.8.1
Apache Struts 2.1.8
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.0.0
Apache Struts 2.3.20
Apache Struts 2.3.24.1
Apache Struts 2.3.20.1
Apache Struts 2.3.16.3
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.2.3.1
Apache Struts 2.2.3
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.11.1
Apache Struts 2.0.11
Oracle Siebel E-billing 7.1
1 EDB exploit available
1 Metasploit module available
25 Github repositories available
7.5
CVSSv3
CVE-2017-9787
When using Spring AOP functionality to secure Struts actions, it is possible to perform a DoS attack. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33....
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.24.2
Apache Struts 2.3.24.3
Apache Struts 2.3.30
Apache Struts 2.3.31
Apache Struts 2.3.32
Apache Struts 2.5.6
Apache Struts 2.5.7
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.20.3
Apache Struts 2.3.21
Apache Struts 2.3.25
Apache Struts 2.3.26
Apache Struts 2.5
Apache Struts 2.5.1
Apache Struts 2.5.8
Apache Struts 2.5.9
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.19
Apache Struts 2.3.20
Apache Struts 2.3.24
Apache Struts 2.3.24.1
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5.4
Apache Struts 2.5.5
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.22
Apache Struts 2.3.23
Apache Struts 2.3.27
Apache Struts 2.3.28
Apache Struts 2.5.2
Apache Struts 2.5.3
Apache Struts 2.5.10
Apache Struts 2.5.10.1
2 Github repositories available
3 Articles available
7.5
CVSSv3
CVE-2017-9804
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated. ...
Apache Struts 2.5.12
Apache Struts 2.3.7
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.21
Apache Struts 2.3.22
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5
Apache Struts 2.5.7
Apache Struts 2.5.8
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.19
Apache Struts 2.3.20
Apache Struts 2.3.25
Apache Struts 2.3.26
Apache Struts 2.3.32
Apache Struts 2.3.33
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.23
Apache Struts 2.3.24.2
Apache Struts 2.3.24.3
Apache Struts 2.3.30
Apache Struts 2.3.31
Apache Struts 2.5.1
Apache Struts 2.5.2
Apache Struts 2.5.9
Apache Struts 2.5.10
Apache Struts 2.5.10.1
Apache Struts 2.3.13
Apache Struts 2.3.14
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.27
Apache Struts 2.3.28
Apache Struts 2.5.5
Apache Struts 2.5.6
3 Github repositories available
4 Articles available
NA
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.1.2
Apache Struts 2.1.3
Apache Struts 2.1.4
Apache Struts 2.2.3
Apache Struts 2.2.3.1
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.0.0
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.12
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.8
Apache Struts 2.3.3
Apache Struts 2.3.4
5 Github repositories available