Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2013-1965
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect....
4 Github repositories available
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
4.3
CVSSv2
CVE-2015-2992
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability....
5
CVSSv2
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....
1 Github repository available
5.8
CVSSv2
CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix....
1 Article available
6.8
CVSSv2
CVE-2007-4556
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of...
5
CVSSv2
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2)...
1 EDB exploit available
7.5
CVSSv2
CVE-2016-4438
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression....
2 Github repositories available
10
CVSSv2
CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors....
1 Github repository available
1 Article available
5
CVSSv2
CVE-2013-5887
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2020-15372
CVE-2020-25145
CVE-2020-25139
CVE-2020-17382
path traversal
CVE-2020-7735
log injection
cpanel
CVE-2020-1895
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon