Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts prior to 1.2.9 with BeanUtils 1.7 allows remote malicious users to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which prov...
Apache Struts
Apache Struts 1.2.7
1 Github repository
NA
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to st...
Apache Struts 2.0.14
Apache Struts 2.2.3
1 EDB exploit
10
CVSSv3
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote malicious users to execute arbitrary commands via a crafted Content-Typ...
Apache Struts 2.3.5
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.6
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.20.1
2 EDB exploits
2 Nmap scripts
148 Github repositories
15 Articles
NA
CVE-2013-2135
Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
Apache Struts
9.8
CVSSv3
CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted ...
Apache Struts
8 Github repositories
7.5
CVSSv3
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or ...
Apache Struts
6.1
CVSSv3
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
NA
CVE-2014-0113
CookieInterceptor in Apache Struts prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and execute arbitrary code via a crafted request....
Apache Struts
1 EDB exploit
NA
CVE-2013-2134
Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
Apache Struts
1 EDB exploit
6.5
CVSSv3
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Apache Struts
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »