Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
801
VMScore
CVE-2016-0785
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation....
Apache
Struts
890
VMScore
CVE-2016-3082
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter....
Apache
Struts
383
VMScore
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/....
Apache
Struts
383
VMScore
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12....
Apache
Struts
1 Github repository available
2 Articles available
445
VMScore
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....
Apache
Struts
980
VMScore
CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
446
VMScore
CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described...
Apache
Struts
4 Github repositories available
668
VMScore
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors....
Apache
Struts
668
VMScore
CVE-2016-6795
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side....
Apache
Struts
829
VMScore
CVE-2013-2135
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice....
Apache
Struts
2 Github repositories available
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-20398
CVE-2019-19363
CVE-2020-7939
zonedirector 1200 firmware
CVE-2020-0601
information disclosure
CVE-2011-3622
libyang
path traversal
type confusion
CVE-2007-6758
ruckuswireless
cesnet
1
2
3
4
5
NEXT »
Vulmon