Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-0230
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262
Google Android -
6.1
CVSSv3
CVE-2015-2992
Apache Struts prior to 2.3.20 has a cross-site scripting (XSS) vulnerability.
Apache Struts
8.8
CVSSv3
CVE-2012-1592
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
Apache Struts 2.0.0
1 EDB exploit
9.8
CVSSv3
CVE-2011-3923
Apache Struts prior to 2.3.1.2 allows remote malicious users to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
Apache Struts
Redhat Jboss Enterprise Web Server 1.0.0
1 EDB exploit
1 Github repository
8.1
CVSSv3
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or...
Apache Struts
3 EDB exploits
45 Github repositories
3 Articles
7.5
CVSSv3
CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...
Apache Struts
1 Github repository
6.2
CVSSv3
CVE-2017-15707
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Apache Struts
Netapp Oncommand Balance -
Oracle Weblogic Server 12.2.1.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Xstore Point Of Service 7.1.6
Oracle Retail Xstore Point Of Service 7.0.6
Oracle Retail Xstore Point Of Service 6.5.11
Oracle Retail Xstore Point Of Service 15.0.1
Oracle Financial Services Market Risk Measurement And Management 8.0.5
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.2.0
Oracle Weblogic Server 12.2.1.3
Oracle Retail Xstore Point Of Service 16.0.2
Oracle Retail Order Broker 5.2
Oracle Enterprise Manager For Virtualization 13.2.2
Oracle Enterprise Manager For Virtualization 13.2.3
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.4
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.5
Oracle Global Lifecycle Management Opatchauto
Oracle Agile Plm Framework 9.3.6
8.8
CVSSv3
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x prior to 2.3.20 allows remote malicious users to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
Apache Struts 2.3.1.1
Apache Struts 2.0.9
Apache Struts 2.3.5
Apache Struts 2.0.12
Apache Struts 2.2.3.1
Apache Struts 2.1.0
Apache Struts 2.3.15
Apache Struts 2.3.14
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.4
Apache Struts 2.3.13
Apache Struts 2.2.1
Apache Struts 2.3.16
Apache Struts 2.3.17
Apache Struts 2.3.9
Apache Struts 2.1.8.1
Apache Struts 2.3.3
Apache Struts 2.3.16.3
Apache Struts 2.3.4
Apache Struts 2.1.3
Apache Struts 2.3.6
8.8
CVSSv3
CVE-2016-4461
Apache Struts 2.x prior to 2.3.29 allows remote malicious users to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
Apache Struts
Netapp Oncommand Balance -
6.1
CVSSv3
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 2.3.20.
Apache Struts
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »