Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Apache Struts
6.2
CVSSv3
CVE-2017-15707
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
Apache Struts
Netapp Oncommand Balance -
Oracle Retail Xstore Point Of Service 7.1.6
Oracle Retail Xstore Point Of Service 15.0.1
Oracle Retail Xstore Point Of Service 16.0.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.2.1.3
Oracle Enterprise Manager For Virtualization 13.2.3
Oracle Agile Plm Framework 9.3.6
Oracle Retail Xstore Point Of Service 6.5.11
Oracle Webcenter Portal 12.2.1.3.0
Oracle Global Lifecycle Management Opatchauto
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.4
Oracle Financial Services Hedge Management And Ifrs Valuations 8.0.5
Oracle Financial Services Market Risk Measurement And Management 8.0.5
Oracle Weblogic Server 12.2.1.2
Oracle Enterprise Manager For Virtualization 13.2.2
Oracle Retail Order Broker 5.2
Oracle Retail Xstore Point Of Service 7.0.6
Oracle Webcenter Portal 12.2.1.2.0
6.1
CVSSv3
CVE-2015-2992
Apache Struts prior to 2.3.20 has a cross-site scripting (XSS) vulnerability.
Apache Struts
6.1
CVSSv3
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 2.3.20.
Apache Struts
6.1
CVSSv3
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
6.1
CVSSv3
CVE-2016-2162
Apache Struts 2.x prior to 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.3.3
Apache Struts 2.3.24.1
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.2.1
Apache Struts 2.1.8.1
5.9
CVSSv3
CVE-2016-8738
In Apache Struts 2.5 up to and including 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.1
Apache Struts 2.5.2
5.9
CVSSv3
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Apache Struts 2.5.2
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.10.1
Apache Struts 2.5.8
1 Github repository
1 Article
5.3
CVSSv3
CVE-2016-4465
The URLValidator class in Apache Struts 2 2.3.20 up to and including 2.3.28.1 and 2.5.x prior to 2.5.1 allows remote malicious users to cause a denial of service via a null value for a URL field.
Apache Struts 2.5
Apache Struts 2.3.28.1
Apache Struts 2.3.20
Apache Struts 2.3.20.3
Apache Struts 2.3.20.1
Apache Struts 2.3.28
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
5.3
CVSSv3
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »