struts vulnerabilities and exploits

(subscribe to this query)

516

VMScore

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix....

Apache Struts 2.3.15 Apache Struts 2.3.14.3 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.4 Apache Struts 2.1.3 Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.10 Apache Struts 2.0.1 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.0 Apache Struts 2.0.9 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.0 Apache Struts 2.3.15.11 Article available

383

VMScore

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display....

Apache Struts 2.3.3 Apache Struts 2.3.24.1 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.14.3 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.7 Apache Struts 2.3.16.1 Apache Struts 2.3.16 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.2 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.10 Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.1.0 Apache Struts 2.1 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.1 Apache Struts 2.0.0 Apache Struts 2.3.20 Apache Struts 2.3.24 Apache Struts 2.3.16.3 Apache Struts 2.3.16.2 Apache Struts 2.3.14.2 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Beta Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1

981

VMScore

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions....

Apache Struts 2.3.28 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.3.24 Apache Struts 2.3.8 Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.2.1.1 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.3 Apache Struts 2.0.2 Apache Struts 2.0.10 Apache Struts 2.0.1 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.0 Apache Struts 2.3.20 Apache Struts 2.3.24.1 Apache Struts 2.3.20.1 Apache Struts 2.3.16.3 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.2.3.1 Apache Struts 2.2.3 Apache Struts 2.1.4 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.5 Apache Struts 2.0.4 Apache Struts 2.0.11.1 Apache Struts 2.0.11 Oracle Siebel E-billing 7.11 EDB exploit available1 Metasploit module available20 Github repositories available

445

VMScore

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....

Ognl Project Ognl Apache Struts 2.0.0 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.3 Apache Struts 2.3.24 Apache Struts 2.3.24.11 Github repository available

978

VMScore

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....

Apache Struts 2.2.3.1 Apache Struts 2.3.4 Apache Struts 2.3.14.1 Apache Struts 2.0.8 Apache Struts 2.1.2 Apache Struts 2.0.14 Apache Struts 2.1.8.1 Apache Struts 2.2.1.1 Apache Struts 2.0.1 Apache Struts 2.0.3 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.2.1 Apache Struts 2.1.3 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.0.0 Apache Struts 2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.3 Apache Struts 2.0.11 Apache Struts 2.3.14.2 Apache Struts 2.0.6 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.2.3 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.5 Apache Struts 2.0.9 Apache Struts 2.0.11.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.1.1 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.3.1.1 Apache Struts 2.3.4.1 Apache Struts 2.3.81 EDB exploit available1 Metasploit module available46 Github repositories available

890

VMScore

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter....

Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.3.8 Apache Struts 2.3.7 Apache Struts 2.3.16.1 Apache Struts 2.3.16 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.3 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.0.1 Apache Struts 2.0.0 Apache Struts 2.3.20.1 Apache Struts 2.3.20 Apache Struts 2.3.3 Apache Struts 2.3.28 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.16.3 Apache Struts 2.3.16.2 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.5 Apache Struts 2.0.4 Apache Struts 2.0.11 Apache Struts 2.0.10

890

VMScore

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors....

Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.0 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.15 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.3.7 Apache Struts 2.3.14.3 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1 Apache Struts 2.1.2 Apache Struts 2.1.0 Apache Struts 2.0.5 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.1 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14 Apache Struts 2.2.3.1 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Oracle Webcenter Sites 11.1.1.6.1 Oracle Flexcube Private Banking 3.0 Oracle Flexcube Private Banking 1.7 Oracle Mysql Enterprise Monitor Oracle Flexcube Private Banking 2.2.0.1 Oracle Flexcube Private Banking 12.0.1 Oracle Flexcube Private Banking 2.0.1 Oracle Webcenter Sites 11.1.1.8.0 Oracle Flexcube Private Banking 12.0.2 Oracle Flexcube Private Banking 2.03 Github repositories available1 Article available

607

VMScore

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.3 Apache Struts 2.0.0 Apache Struts 2.0.14 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.86 Github repositories available

550

VMScore

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...

Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.3 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Apache Struts 2.0.5 Apache Struts 2.0.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.7 Apache Struts 2.0.11 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.0 Apache Struts 2.0.6 Apache Struts 2.0.4 Apache Struts 2.0.12 Apache Struts 2.1.6 Apache Struts 2.1.8 Apache Struts 2.1.8.12 EDB exploits available1 Metasploit module available11 Github repositories available2 Articles available

605

VMScore

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors....

Apache Struts 2.3.28.1 Apache Struts 2.3.20 Apache Struts 2.3.20.3 Apache Struts 2.3.20.1 Apache Struts 2.3.28 Apache Struts 2.3.24.3 Apache Struts 2.3.24.1 Apache Struts 2.3.24

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook