Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-2992
Apache Struts prior to 2.3.20 has a cross-site scripting (XSS) vulnerability.
Apache Struts
6.1
CVSSv3
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 2.3.20.
Apache Struts
6.1
CVSSv3
CVE-2016-2162
Apache Struts 2.x prior to 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.3.3
Apache Struts 2.3.24.1
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.2.1
Apache Struts 2.1.8.1
6.1
CVSSv3
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
5.9
CVSSv3
CVE-2016-8738
In Apache Struts 2.5 up to and including 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.1
Apache Struts 2.5.2
5.9
CVSSv3
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Apache Struts 2.5.2
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.10.1
Apache Struts 2.5.8
1 Github repository
1 Article
5.3
CVSSv3
CVE-2016-4465
The URLValidator class in Apache Struts 2 2.3.20 up to and including 2.3.28.1 and 2.5.x prior to 2.5.1 allows remote malicious users to cause a denial of service via a null value for a URL field.
Apache Struts 2.5
Apache Struts 2.3.28.1
Apache Struts 2.3.20
Apache Struts 2.3.20.3
Apache Struts 2.3.20.1
Apache Struts 2.3.28
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
5.3
CVSSv3
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.1.3
NA
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.
Apache Struts 2.3.20
NA
CVE-2014-7809
Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.15.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »