Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-7809
Apache Struts 2.0.0 up to and including 2.3.x prior to 2.3.20 uses predictable <s:token/> values, which allows remote malicious users to bypass the CSRF protection mechanism.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
1 Github repository
9.8
CVSSv3
CVE-2016-3082
XSLTResult in Apache Struts 2.x prior to 2.3.20.2, 2.3.24.x prior to 2.3.24.2, and 2.3.28.x prior to 2.3.28.1 allows remote malicious users to execute arbitrary code via the stylesheet location parameter.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
6.1
CVSSv3
CVE-2016-2162
Apache Struts 2.x prior to 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
7.5
CVSSv3
CVE-2015-5209
Apache Struts 2.x prior to 2.3.24.1 allows remote malicious users to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
5.8
CVSSv2
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and modify session state via a crafted reques...
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
5.3
CVSSv3
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
8.8
CVSSv3
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x prior to 2.3.20 allows remote malicious users to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
9.8
CVSSv3
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.12
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
2 EDB exploits
7 Github repositories
1 Article
7.5
CVSSv3
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.14
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.15
1 Article
6.8
CVSSv2
CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 up to and including 2.3.4 does not properly validate the token name configuration parameter, which allows remote malicious users to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter...
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-21317
CVE-2025-23940
buffer overflow
CVE-2025-21335
CVE-2025-23860
CVE-2024-57704
SSTI
wireless
CVE-2019-3309
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »