struts vulnerabilities and exploits

(subscribe to this query)

NA

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an...

7.5

CVSSv3

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object....

Apache Struts 2.0.0 Apache Struts 2.0.1 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.5 Apache Struts 2.3.6 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.2 Apache Struts 2.3.21 Apache Struts 2.3.24 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.6 Apache Struts 2.1.8 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.9 Apache Struts 2.3.10 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.19 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.22 Apache Struts 2.3.23

9.8

CVSSv3

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....

Apache Struts 2.0.3 Apache Struts 2.0.5 Apache Struts 2.0.11.1 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.2.3 Apache Struts 2.3.1 Apache Struts 2.3.6 Apache Struts 2.3.8 Apache Struts 2.3.14.1 Apache Struts 2.3.14.3 Apache Struts 2.3.16 Apache Struts 2.3.16.2 Apache Struts 2.3.17 Apache Struts 2.3.21 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5 Apache Struts 2.3.23 Apache Struts 2.3.28.1 Apache Struts 2.3.30 Apache Struts 2.5.2 Apache Struts 2.5.7 Apache Struts 2.5.9 Apache Struts 2.0.4 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.13 Apache Struts 2.1.3 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.7 Apache Struts 2.3.9 Apache Struts 2.3.14 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.3 Apache Struts 2.3.22 Apache Struts 2.3.24.2 Apache Struts 2.3.28 Apache Struts 2.3.29 Apache Struts 2.5.1 Apache Struts 2.5.8 Apache Struts 2.5.1020 Github repositories available4 Articles available

7.5

CVSSv3

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33....

Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.20.3 Apache Struts 2.3.21 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.22 Apache Struts 2.3.23 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.5.2 Apache Struts 2.5.3 Apache Struts 2.5.10 Apache Struts 2.5.10.12 Github repositories available3 Articles available

7.5

CVSSv3

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. ...

Apache Struts 2.5.12 Apache Struts 2.3.7 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.5 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.10.1 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.5.5 Apache Struts 2.5.63 Github repositories available4 Articles available

NA

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix....

Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.1.4 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.3.1.1 Apache Struts 2.0.0 Apache Struts 2.3.8 Apache Struts 2.0.11 Apache Struts 2.0.9 Apache Struts 2.0.6 Apache Struts 2.1.5 Apache Struts 2.0.12 Apache Struts 2.1.6 Apache Struts 2.0.4 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.0.5 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.3.1.2 Apache Struts 2.2.3.1 Apache Struts 2.3.15 Apache Struts 2.3.14.1 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1 Apache Struts 2.0.1 Apache Struts 2.3.14 Apache Struts 2.3.12 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.0.8 Apache Struts 2.3.14.2 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.0.3 Apache Struts 2.0.21 EDB exploit available1 Github repository available

7.5

CVSSv3

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....

Apache Struts 1.3.10 Apache Struts 1.2.9 Apache Struts 1.1 Apache Struts 1.2.6 Apache Struts 1.2.4 Apache Struts 1.0.2 Apache Struts 1.0 Apache Struts 1.2.8 Apache Struts 1.2.7 Apache Struts 1.3.8 Apache Struts 1.3.5 Apache Struts 1.2.23 Github repositories available

NA

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression....

8.8

CVSSv3

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling....

Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.6 Apache Struts 2.1.7 Apache Struts 2.1.8 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17

Get Started

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook