Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
511
VMScore
CVE-2014-0094
The ParametersInterceptor in Apache Struts prior to 2.3.16.2 allows remote malicious users to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Apache Struts
2 EDB exploits
4 Github repositories
510
VMScore
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 up to and including 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote malicious users to modify server-side context objects an...
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.3
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.10
Apache Struts 2.0.5
Apache Struts 2.0.2
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.7
Apache Struts 2.0.11
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.0
Apache Struts 2.0.6
Apache Struts 2.0.4
2 EDB exploits
1 Article
505
VMScore
CVE-2011-5057
Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an a...
Apache Struts
1 EDB exploit
505
VMScore
CVE-2008-6504
ParametersInterceptor in OpenSymphony XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote malicious users to execute Object-Graph Navigation ...
Opensymphony Xwork 2.0.5
Opensymphony Xwork 2.1.0
Opensymphony Xwork 2.0.1
Opensymphony Xwork 2.0.2
Opensymphony Xwork 2.0.0
Opensymphony Xwork 2.1.1
Opensymphony Xwork 2.0.3
Opensymphony Xwork 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.6
Apache Struts 2.0.0
Apache Struts 2.0.2
Apache Struts 2.0.9
Apache Struts 2.0.11
Apache Struts 2.0.7
Apache Struts 2.0.8
Apache Struts 2.0.3
Apache Struts 2.0.4
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
1 EDB exploit
505
VMScore
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x prior to 2.0.12 and 2.1.x prior to 2.1.3 allow remote malicious users to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) ...
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.6
Apache Struts 2.0.8
Apache Struts 2.1.2 Beta
Apache Struts 2.0.9
Apache Struts 2.0.11
1 EDB exploit
446
VMScore
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Apache Struts 2.5.10.1
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.26
Apache Struts 2.3.27
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.6
Apache Struts 2.3.8
Apache Struts 2.3.9
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.23
Apache Struts 2.3.24.2
Apache Struts 2.3.29
3 Github repositories
1 Article
446
VMScore
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Apache Struts 2.5.9
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.5.2
Apache Struts 2.3.14
Apache Struts 2.3.32
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.5.10
Apache Struts 2.3.24.1
Apache Struts 2.3.22
Apache Struts 2.5.6
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.29
1 Article
446
VMScore
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote malicious users to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerabil...
Opensymphony Xwork 2.2.1
Apache Struts 2.2.1
Opensymphony Xwork -
Opensymphony Webwork -
445
VMScore
CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Apache Struts
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Mysql Enterprise Monitor
1 Article
445
VMScore
CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...
Apache Struts
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »