apache struts 2.0.0 vulnerabilities and exploits
CVSSv2 score: 7.5
CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted ...
Apache Struts
7 Github repositories
CVSSv4 score: 9.5
CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: fro...
Apache Software Foundation Apache Struts
5 Github repositories
3 Articles
CVSSv2 score: 5
CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Apache Struts
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Mysql Enterprise Monitor
1 Article
CVSSv2 score: 7.5
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Apache Struts
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Mysql Enterprise Monitor
6 Github repositories
1 Article
CVSSv2 score: 9.3
CVE-2013-2251
Apache Struts 2.0.0 up to and including 2.3.15 allows remote malicious users to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Apache Archiva
Apache Archiva 1.2
Apache Archiva 1.2.2
Apache Struts
Fujitsu Interstage Business Process Manager Analytics 12.0
Fujitsu Interstage Business Process Manager Analytics 12.1
Fujitsu Gp7000f Firmware -
Fujitsu Primepower Firmware -
Fujitsu Gp-s Firmware -
Fujitsu Primergy Firmware -
Fujitsu Gp5000 Firmware -
Fujitsu Sparc Firmware -
1 EDB exploit
1 Github repository
CVSSv2 score: 7.5
CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Apache Struts
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Diameter Intelligence Hub 8.0.0
Oracle Communications Diameter Intelligence Hub 8.1.0
Oracle Communications Diameter Intelligence Hub 8.2.0
Oracle Communications Diameter Intelligence Hub 8.2.3
Oracle Communications Policy Management 12.5.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Hospitality Opera 5 5.6
12 Github repositories
1 Article
CVSSv2 score: 9.3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j
Apache Log4j 2.0
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Capital
Siemens Capital 2019.1
Siemens Comos
Siemens Desigo Cc Advanced Reports 4.0
Siemens Desigo Cc Advanced Reports 4.1
Siemens Desigo Cc Advanced Reports 4.2
Siemens Desigo Cc Advanced Reports 5.0
Siemens Desigo Cc Advanced Reports 5.1
Siemens Desigo Cc Info Center 5.0
2 Metasploit modules
794 Github repositories
29 Articles