Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4431
Apache Struts 2 2.3.20 up to and including 2.3.28.1 allows remote malicious users to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
Apache Struts 2.3.28
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
Apache Struts 2.3.20.3
5
CVSSv2
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.2
Apache Struts 2.1.3
5
CVSSv2
CVE-2014-0094
The ParametersInterceptor in Apache Struts prior to 2.3.16.2 allows remote malicious users to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Apache Struts
2 EDB exploits
4 Github repositories
5
CVSSv2
CVE-2013-5531
Cisco Identity Services Engine (ISE) 1.x prior to 1.1.1 allows remote malicious users to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
Cisco Identity Services Engine Software 1.1
Cisco Identity Services Engine Software 1.0
5
CVSSv2
CVE-2012-4387
Apache Struts 2.0.0 up to and including 2.3.4 allows remote malicious users to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
Apache Struts 2.0.6
Apache Struts 2.1.5
Apache Struts 2.0.12
Apache Struts 2.1.6
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.3.4
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.8
Apache Struts 2.0.14
5
CVSSv2
CVE-2011-5057
Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an a...
Apache Struts
1 EDB exploit
5
CVSSv2
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote malicious users to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerabil...
Opensymphony Xwork 2.2.1
Apache Struts 2.2.1
Opensymphony Xwork -
Opensymphony Webwork -
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 up to and including 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote malicious users to modify server-side context objects an...
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.3
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.10
Apache Struts 2.0.5
Apache Struts 2.0.2
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.7
Apache Struts 2.0.11
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.0
Apache Struts 2.0.6
Apache Struts 2.0.4
2 EDB exploits
1 Article
5
CVSSv2
CVE-2008-6504
ParametersInterceptor in OpenSymphony XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote malicious users to execute Object-Graph Navigation ...
Opensymphony Xwork 2.0.5
Opensymphony Xwork 2.1.0
Opensymphony Xwork 2.0.1
Opensymphony Xwork 2.0.2
Opensymphony Xwork 2.0.0
Opensymphony Xwork 2.1.1
Opensymphony Xwork 2.0.3
Opensymphony Xwork 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.0
Apache Struts 2.0.2
Apache Struts 2.0.9
Apache Struts 2.0.11
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
1 EDB exploit
5
CVSSv2
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.3 allow remote malicious users to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) ...
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.6
Apache Struts 2.0.8
Apache Struts 2.1.2 Beta
Apache Struts 2.0.9
Apache Struts 2.0.11
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »