Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
Apache Struts
7.5
CVSSv3
CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Apache Struts
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Mysql Enterprise Monitor
1 Article
7.5
CVSSv3
CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...
Apache Struts
1 Github repository
7.5
CVSSv3
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Apache Struts 2.5.10.1
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.26
Apache Struts 2.3.27
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.6
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.23
Apache Struts 2.3.24.2
Apache Struts 2.3.29
3 Github repositories
1 Article
7.5
CVSSv3
CVE-2017-9804
In Apache Struts 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing v...
Apache Struts 2.5.12
Apache Struts 2.3.7
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.21
Apache Struts 2.3.22
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5
Apache Struts 2.5.7
Apache Struts 2.5.8
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.19
Apache Struts 2.3.20
Apache Struts 2.3.25
Apache Struts 2.3.26
1 Github repository
1 Article
7.5
CVSSv3
CVE-2015-5209
Apache Struts 2.x prior to 2.3.24.1 allows remote malicious users to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.8.1
Apache Struts 2.2.1
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.20
Apache Struts 2.3.20.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
7.5
CVSSv3
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Apache Struts 2.5.9
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.5.2
Apache Struts 2.3.14
Apache Struts 2.3.32
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.5.10
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.5.6
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
1 Article
7.5
CVSSv3
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 up to and including 1.3.10 allows remote malicious users to bypass intended access restrictions via a modified page parameter.
Apache Struts 1.3.10
Apache Struts 1.2.9
Apache Struts 1.1
Apache Struts 1.2.6
Apache Struts 1.2.4
Apache Struts 1.0.2
Apache Struts 1.0
Apache Struts 1.2.8
Apache Struts 1.2.7
Apache Struts 1.3.8
Apache Struts 1.3.5
Apache Struts 1.2.2
1 Github repository
7.5
CVSSv3
CVE-2016-4433
Apache Struts 2 2.3.20 up to and including 2.3.28.1 allows remote malicious users to bypass intended access restrictions and conduct redirection attacks via a crafted request.
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.28
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
Apache Struts 2.3.20.3
7.5
CVSSv3
CVE-2016-4431
Apache Struts 2 2.3.20 up to and including 2.3.28.1 allows remote malicious users to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
Apache Struts 2.3.28
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
Apache Struts 2.3.20.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »