Vulmon
struts vulnerabilities and exploits
NA
CVE-2024-22512
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An...
NA
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.
Apache Struts 2.3.20
NA
CVE-2014-7809
Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.15.1
1 Github repository
NA
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and modify session state via a crafted reques...
Apache Struts 2.0.1
Apache Struts 2.0.10
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.16
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.1.5
Apache Struts 2.1.6
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.15
NA
CVE-2014-0113
CookieInterceptor in Apache Struts prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and execute arbitrary code via a crafted request....
Apache Struts
1 EDB exploit
NA
CVE-2014-0094
The ParametersInterceptor in Apache Struts prior to 2.3.16.2 allows remote malicious users to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Apache Struts
2 EDB exploits
4 Github repositories
NA
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote malicious users to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
Apache Struts 2.3.15.3
NA
CVE-2013-5530
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 prior to 1.1.0.665-5, 1.1.1 prior to 1.1.1.268-7, 1.1.2 prior to 1.1.2.145-10, 1.1.3 prior to 1.1.3.124-7, 1.1.4 prior to 1.1.4.218-7, and 1.2 prior to 1.2.0.899-2 allows remote authenticated users to execute...
Cisco Identity Services Engine Software 1.1.3
Cisco Identity Services Engine Software 1.2
Cisco Identity Services Engine Software 1.1
Cisco Identity Services Engine Software 1.1.1
Cisco Identity Services Engine Software 1.1.2
Cisco Identity Services Engine Software 1.1.4
Cisco Identity Services Engine Software 1.0
NA
CVE-2013-5531
Cisco Identity Services Engine (ISE) 1.x prior to 1.1.1 allows remote malicious users to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
Cisco Identity Services Engine Software 1.1
Cisco Identity Services Engine Software 1.0
NA
CVE-2013-4310
Apache Struts 2.0.0 up to and including 2.3.15.1 allows remote malicious users to bypass access controls via a crafted action: prefix.
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.3.8
Apache Struts 2.3.14.2