struts vulnerabilities and exploits

(subscribe to this query)

NA

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...

5.3

CVSSv3

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors....

Ognl Project Ognl Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.1.6 Apache Struts 2.3.24.1 Apache Struts 2.3.24 Apache Struts 2.3.16 Apache Struts 2.3.15.3 Apache Struts 2.3.15.2 Apache Struts 2.3.12 Apache Struts 2.3.8 Apache Struts 2.2.3.1 Apache Struts 2.2.3 Apache Struts 2.1.3 Apache Struts 2.1.2 Apache Struts 2.0.11.1 Apache Struts 2.0.11 Apache Struts 2.0.4 Apache Struts 2.0.3 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.0.6 Apache Struts 2.0.5 Apache Struts 2.3.20.3 Apache Struts 2.3.20.1 Apache Struts 2.3.15.1 Apache Struts 2.3.15 Apache Struts 2.3.7 Apache Struts 2.3.4.1 Apache Struts 2.2.1.1 Apache Struts 2.2.1 Apache Struts 2.1.1 Apache Struts 2.1.0 Apache Struts 2.0.10 Apache Struts 2.0.9 Apache Struts 2.0.2 Apache Struts 2.0.1 Apache Struts 2.3.20 Apache Struts 2.3.16.3 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.3.4 Apache Struts 2.3.1.2 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.01 Github repository available

8.8

CVSSv3

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling....

Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.2.3.1 Apache Struts 2.3.1 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.6 Apache Struts 2.1.7 Apache Struts 2.1.8 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17

10

CVSSv3

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...

Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.10 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.2 Apache Struts 2.3.20.3 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.5 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.5.4 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.10 Apache Struts 2.5.3 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.22 EDB exploits available1 Metasploit module available65 Github repositories available25 Articles available

8.1

CVSSv3

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....

Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.10.1 Apache Struts 2.5.11 Apache Struts 2.1.2 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.5.12 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.3 Apache Struts 2.3.33 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.20.3 Apache Struts 2.3.24 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.5.7 Apache Struts 2.5.81 EDB exploit available1 Metasploit module available76 Github repositories available13 Articles available

NA

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....

Apache Struts 2.2.3.1 Apache Struts 2.3.4 Apache Struts 2.3.14.1 Apache Struts 2.0.8 Apache Struts 2.1.2 Apache Struts 2.0.14 Apache Struts 2.1.8.1 Apache Struts 2.2.1.1 Apache Struts 2.0.1 Apache Struts 2.0.3 Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.0.11.1 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.2.1 Apache Struts 2.1.3 Apache Struts 2.1.0 Apache Struts 2.1.8 Apache Struts 2.0.0 Apache Struts 2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.3 Apache Struts 2.0.11 Apache Struts 2.3.14.2 Apache Struts 2.0.6 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.2.3 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.5 Apache Struts 2.0.9 Apache Struts 2.0.11.2 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.1.6 Apache Struts 2.1.1 Apache Struts 2.0.7 Apache Struts 2.0.10 Apache Struts 2.3.1.1 Apache Struts 2.3.4.1 Apache Struts 2.3.81 EDB exploit available1 Metasploit module available43 Github repositories available

NA

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.0.0 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.12 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.8 Apache Struts 2.3.3 Apache Struts 2.3.45 Github repositories available

NA

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors....

Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.0 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.15 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.3.7 Apache Struts 2.3.14.3 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1 Apache Struts 2.1.2 Apache Struts 2.1.0 Apache Struts 2.0.5 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.1 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14 Apache Struts 2.2.3.1 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Oracle Webcenter Sites 11.1.1.6.1 Oracle Flexcube Private Banking 3.0 Oracle Flexcube Private Banking 1.7 Oracle Mysql Enterprise Monitor Oracle Flexcube Private Banking 2.2.0.1 Oracle Flexcube Private Banking 12.0.1 Oracle Flexcube Private Banking 2.0.1 Oracle Webcenter Sites 11.1.1.8.0 Oracle Flexcube Private Banking 12.0.2 Oracle Flexcube Private Banking 2.02 Github repositories available1 Article available

Get Started

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook