apache struts 2.5.10 vulnerabilities and exploits

(subscribe to this query)

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12....

Apache Struts 2.5 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.10 Apache Struts 2.5.2 Apache Struts 2.5.1 Apache Struts 2.5.10.11 Github repository available3 Articles available

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33....

Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.20.3 Apache Struts 2.3.21 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.22 Apache Struts 2.3.23 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.5.2 Apache Struts 2.5.3 Apache Struts 2.5.10 Apache Struts 2.5.10.12 Github repositories available3 Articles available

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. ...

Apache Struts 2.5.12 Apache Struts 2.3.7 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.5 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.10.1 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.5.5 Apache Struts 2.5.63 Github repositories available4 Articles available

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...

Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.10 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.2 Apache Struts 2.3.20.3 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.5 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.5.4 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.10 Apache Struts 2.5.3 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.22 EDB exploits available1 Metasploit module available85 Github repositories available6 Articles available

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....

Apache Struts 2.5.10.1 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.12 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5.3 Apache Struts 2.5.45 Github repositories available4 Articles available

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....

Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.10.1 Apache Struts 2.5.11 Apache Struts 2.1.2 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.5.12 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.3 Apache Struts 2.3.33 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.20.3 Apache Struts 2.3.24 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.5.7 Apache Struts 2.5.81 EDB exploit available1 Metasploit module available76 Github repositories available13 Articles available

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....

Apache Struts 2.0.3 Apache Struts 2.0.5 Apache Struts 2.0.11.1 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.2.3 Apache Struts 2.3.1 Apache Struts 2.3.6 Apache Struts 2.3.8 Apache Struts 2.3.14.1 Apache Struts 2.3.14.3 Apache Struts 2.3.16 Apache Struts 2.3.16.2 Apache Struts 2.3.17 Apache Struts 2.3.21 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5 Apache Struts 2.3.23 Apache Struts 2.3.28.1 Apache Struts 2.3.30 Apache Struts 2.5.2 Apache Struts 2.5.7 Apache Struts 2.5.9 Apache Struts 2.0.4 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.13 Apache Struts 2.1.3 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.7 Apache Struts 2.3.9 Apache Struts 2.3.14 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.3 Apache Struts 2.3.22 Apache Struts 2.3.24.2 Apache Struts 2.3.28 Apache Struts 2.3.29 Apache Struts 2.5.1 Apache Struts 2.5.8 Apache Struts 2.5.1020 Github repositories available4 Articles available

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook