Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache struts 2.0.3 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-2162
Apache Struts 2.x prior to 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
10
CVSSv2
CVE-2016-3082
XSLTResult in Apache Struts 2.x prior to 2.3.20.2, 2.3.24.x prior to 2.3.24.2, and 2.3.28.x prior to 2.3.28.1 allows remote malicious users to execute arbitrary code via the stylesheet location parameter.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
5
CVSSv2
CVE-2016-3093
Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.
Ognl Project Ognl
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
7.5
CVSSv2
CVE-2016-4436
Apache Struts 2 prior to 2.3.29 and 2.5.x prior to 2.5.1 allow malicious users to have unspecified impact via vectors related to improper action name clean up.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.11
Apache Struts 2.0.11.1
6.5
CVSSv2
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x prior to 2.3.20 allows remote malicious users to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
9.3
CVSSv2
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2015-5209
Apache Struts 2.x prior to 2.3.24.1 allows remote malicious users to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
10
CVSSv2
CVE-2013-4316
Apache Struts 2.0.0 up to and including 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
7.5
CVSSv2
CVE-2017-12611
In Apache Struts 2.0.0 up to and including 2.3.33 and 2.5 up to and including 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Apache Struts 2.0.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
1 Github repository
1 Article
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
desktop browser
urbancode velocity
CVE-2024-57932
CVE-2025-21655
CVE-2024-12084
CVE-2023-34960
unauthorized
CSRF
CVE-2024-57913
privilege
CVE-2025-21649
itsourcecode
cp-xr-de21-s router
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2