apache struts vulnerabilities and exploits
9.3
CVSSv2
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
6.8
CVSSv2
CVE-2012-0392
The CookieInterceptor component in Apache Struts prior to 2.3.1.1 does not use the parameter-name whitelist, which allows remote malicious users to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Apache Struts
1 EDB exploit
6.8
CVSSv2
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
Apache Struts
2 EDB exploits
6.4
CVSSv2
CVE-2012-0393
The ParameterInterceptor component in Apache Struts prior to 2.3.1.1 does not prevent access to public constructors, which allows remote malicious users to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Apache Struts
1 EDB exploit
2.6
CVSSv2
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute...
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.2.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.2
Apache Struts 2.0.5
1 EDB exploit
4.3
CVSSv2
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x prior to 2.2.3 allow remote malicious users to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, re...
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.5
Apache Struts 2.2.1.1
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.0.12
Apache Struts 2.1.1
Apache Struts 2.0.7
Apache Struts 2.0.0
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.0.11.2
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.4
5
CVSSv2
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote malicious users to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerabil...
Opensymphony Xwork 2.2.1
Apache Struts 2.2.1
Opensymphony Xwork -
Opensymphony Webwork -
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 up to and including 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote malicious users to modify server-side context objects an...
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.3
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.10
Apache Struts 2.0.5
Apache Struts 2.0.2
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.7
Apache Struts 2.0.11
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.0
Apache Struts 2.0.6
Apache Struts 2.0.4
2 EDB exploits
1 Article
4.3
CVSSv2
CVE-2008-2025
Cross-site scripting (XSS) vulnerability in Apache Struts prior to 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, prior to 1.2.9-108.2 on SUSE openSUSE 10.3, prior to 1.2.9-198.2 on SUSE openSUSE 11.0, and prior to 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote malicious ...
Apache Struts 1.1
Apache Struts 1.2.7
Apache Struts 1.2.8
Apache Struts 1.2.4
Apache Struts 1.0.2
6.8
CVSSv2
CVE-2009-1275
Apache Tiles 2.1 prior to 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspe...
Apache Tiles 2.1.1
Apache Tiles 2.1.0