struts vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...

Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.3 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Apache Struts 2.0.5 Apache Struts 2.0.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.1 Apache Struts 2.1.3 Apache Struts 2.0.12 Apache Struts 2.1.0 Apache Struts 2.0.0 Apache Struts 2.0.7 Apache Struts 2.0.4 Apache Struts 2.1.8.1 Apache Struts 2.1.2 Apache Struts 2.1.8 Apache Struts 2.0.14 Apache Struts 2.0.11 Apache Struts 2.1.6 Apache Struts 2.0.13 Apache Struts 2.1.1 Apache Struts 2.0.62 EDB exploits available1 Metasploit module available5 Github repositories available2 Articles available

6.5

CVSSv2

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling....

Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.6 Apache Struts 2.1.7 Apache Struts 2.1.8 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17

10

CVSSv2

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...

Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.10 Apache Struts 2.3.5 Apache Struts 2.3.28 Apache Struts 2.3.20.2 Apache Struts 2.3.15 Apache Struts 2.3.25 Apache Struts 2.3.14 Apache Struts 2.3.13 Apache Struts 2.3.16 Apache Struts 2.3.17 Apache Struts 2.3.9 Apache Struts 2.3.16.3 Apache Struts 2.3.23 Apache Struts 2.3.24.3 Apache Struts 2.3.14.3 Apache Struts 2.3.8 Apache Struts 2.3.24 Apache Struts 2.3.28.1 Apache Struts 2.3.14.2 Apache Struts 2.3.20.3 Apache Struts 2.3.16.2 Apache Struts 2.3.31 Apache Struts 2.3.15.3 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.22 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.21 Apache Struts 2.5.4 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.10 Apache Struts 2.5.3 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.22 EDB exploits available1 Metasploit module available60 Github repositories available29 Articles available

6.8

CVSSv2

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....

Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.3.1.1 Apache Struts 2.3.15 Apache Struts 2.3.14 Apache Struts 2.2.1 Apache Struts 2.3.16 Apache Struts 2.5.6 Apache Struts 2.3.4 Apache Struts 2.1.2 Apache Struts 2.1.5 Apache Struts 2.3.29 Apache Struts 2.3.4.1 Apache Struts 2.3.20.1 Apache Struts 2.3.30 Apache Struts 2.5.5 Apache Struts 2.3.15.1 Apache Struts 2.3.1 Apache Struts 2.1.6 Apache Struts 2.3.12 Apache Struts 2.2.1.1 Apache Struts 2.3.20 Apache Struts 2.5.10.1 Apache Struts 2.3.14.1 Apache Struts 2.5.12 Apache Struts 2.5.11 Apache Struts 2.5.9 Apache Struts 2.2.3.1 Apache Struts 2.5.2 Apache Struts 2.3.32 Apache Struts 2.5.10 Apache Struts 2.3.24.1 Apache Struts 2.1.3 Apache Struts 2.3.24.3 Apache Struts 2.3.15.2 Apache Struts 2.3.8 Apache Struts 2.3.7 Apache Struts 2.3.24 Apache Struts 2.5.1 Apache Struts 2.3.20.3 Apache Struts 2.5.7 Apache Struts 2.2.3 Apache Struts 2.1.4 Apache Struts 2.3.31 Apache Struts 2.3.15.3 Apache Struts 2.3.16.1 Apache Struts 2.5.8 Apache Struts 2.3.331 EDB exploit available1 Metasploit module available75 Github repositories available13 Articles available

5.8

CVSSv2

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.1.1 Apache Struts 2.0.12 Apache Struts 2.2.3.1 Apache Struts 2.3.15 Apache Struts 2.0.7 Apache Struts 2.0.4 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.1.5 Apache Struts 2.3.14.3 Apache Struts 2.3.4.1 Apache Struts 2.0.11.1 Apache Struts 2.3.7 Apache Struts 2.3.14.2 Apache Struts 2.3.15.1 Apache Struts 2.3.1 Apache Struts 2.0.11 Apache Struts 2.3.16.2 Apache Struts 2.1.6 Apache Struts 2.0.5 Apache Struts 2.2.3 Apache Struts 2.1.4 Apache Struts 2.0.11.2 Apache Struts 2.0.6 Apache Struts 2.0.9 Apache Struts 2.0.0 Apache Struts 2.0.8 Apache Struts 2.1.8.1 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.15.2 Apache Struts 2.1.8 Apache Struts 2.3.8 Apache Struts 2.0.14 Apache Struts 2.3.12 Apache Struts 2.0.13 Apache Struts 2.3.1.2 Apache Struts 2.3.15.32 Github repositories available

5

CVSSv2

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....

Apache Struts 2.5.10.1 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5 Apache Struts 2.5.9 Apache Struts 2.5.2 Apache Struts 2.3.14 Apache Struts 2.3.24.2 Apache Struts 2.3.17 Apache Struts 2.5.10 Apache Struts 2.3.22 Apache Struts 2.5.6 Apache Struts 2.3.9 Apache Struts 2.3.16.3 Apache Struts 2.3.23 Apache Struts 2.3.29 Apache Struts 2.3.14.3 Apache Struts 2.3.8 Apache Struts 2.3.30 Apache Struts 2.3.7 Apache Struts 2.5.1 Apache Struts 2.3.14.2 Apache Struts 2.5.5 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.5.12 Apache Struts 2.3.28 Apache Struts 2.3.15 Apache Struts 2.3.25 Apache Struts 2.3.32 Apache Struts 2.3.24.3 Apache Struts 2.3.19 Apache Struts 2.3.28.1 Apache Struts 2.5.4 Apache Struts 2.5.7 Apache Struts 2.3.10 Apache Struts 2.3.15.1 Apache Struts 2.5.3 Apache Struts 2.3.31 Apache Struts 2.3.20 Apache Struts 2.3.11 Apache Struts 2.5.8 Apache Struts 2.3.334 Github repositories available4 Articles available

7.5

CVSSv2

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up....

Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.3.20.1 Apache Struts 2.3.20.3 Apache Struts 2.5 Apache Struts 2.3.15.2 Apache Struts 2.3.15 Apache Struts 2.3.8 Apache Struts 2.3.4.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.0 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.3.24.3 Apache Struts 2.3.28 Apache Struts 2.3.16 Apache Struts 2.3.15.3 Apache Struts 2.3.12 Apache Struts 2.3.7 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.0.14 Apache Struts 2.0.12 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.20 Apache Struts 2.3.16.3 Apache Struts 2.3.15.1 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.11 Apache Struts 2.3.28.1

2.6

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an...

7.5

CVSSv2

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage....

6.8

CVSSv2

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...

Get Started

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook