Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-4465
The URLValidator class in Apache Struts 2 2.3.20 up to and including 2.3.28.1 and 2.5.x prior to 2.5.1 allows remote malicious users to cause a denial of service via a null value for a URL field.
Apache Struts 2.5
Apache Struts 2.3.28.1
Apache Struts 2.3.20
Apache Struts 2.3.20.3
Apache Struts 2.3.20.1
Apache Struts 2.3.28
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
605
VMScore
CVE-2016-1181
ActionServlet.java in Apache Struts 1 1.x up to and including 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote malicious users to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related...
Oracle Banking Platform 2.4.1
Oracle Banking Platform 2.5.0
Oracle Portal 11.1.1.6
Oracle Banking Platform 2.3.0
Oracle Banking Platform 2.4.0
Apache Struts 1.0
Apache Struts 1.1
Apache Struts 1.2.3
Apache Struts 1.2.4
Apache Struts 1.2.5
Apache Struts 1.3.7
Apache Struts 1.3.8
Apache Struts 1.0.2
Apache Struts 1.2.1
Apache Struts 1.2.2
Apache Struts 1.3.5
Apache Struts 1.3.6
Apache Struts 1.2.6
Apache Struts 1.2.7
Apache Struts 1.3.9
Apache Struts 1.3.10
Apache Struts 1.0.1
1 Github repository
570
VMScore
CVE-2016-1182
ActionServlet.java in Apache Struts 1 1.x up to and including 1.3.10 does not properly restrict the Validator configuration, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-20...
Apache Struts 1.0
Apache Struts 1.1
Apache Struts 1.2.5
Apache Struts 1.2.6
Apache Struts 1.3.9
Apache Struts 1.3.10
Apache Struts 1.0.2
Apache Struts 1.2.1
Apache Struts 1.2.2
Apache Struts 1.2.9
Apache Struts 1.3.5
Apache Struts 1.2.3
Apache Struts 1.2.4
Apache Struts 1.3.7
Apache Struts 1.3.8
Apache Struts 1.3.6
Apache Struts 1.0.1
Apache Struts 1.2.0
Apache Struts 1.2.7
Apache Struts 1.2.8
1 Github repository
445
VMScore
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.1.3
761
VMScore
CVE-2016-3087
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.24.1
Apache Struts 2.3.24
Apache Struts 2.3.28
2 EDB exploits
3 Github repositories
936
VMScore
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.3.28
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.3.24
Apache Struts 2.3.8
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1.1
Apache Struts 2.2.1
1 EDB exploit
2 Github repositories
890
VMScore
CVE-2016-3082
XSLTResult in Apache Struts 2.x prior to 2.3.20.2, 2.3.24.x prior to 2.3.24.2, and 2.3.28.x prior to 2.3.28.1 allows remote malicious users to execute arbitrary code via the stylesheet location parameter.
Apache Struts 2.3.4.1
Apache Struts 2.3.4
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1
Apache Struts 2.1.8.1
Apache Struts 2.1.1
383
VMScore
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
802
VMScore
CVE-2016-0785
Apache Struts 2.x prior to 2.3.28 allows remote malicious users to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Apache Struts
383
VMScore
CVE-2016-2162
Apache Struts 2.x prior to 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.3.3
Apache Struts 2.3.24.1
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14
Apache Struts 2.3.12
Apache Struts 2.2.1
Apache Struts 2.1.8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »