Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
7.5
CVSSv2
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors....
Apache
Struts
9.3
CVSSv2
CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
5
CVSSv2
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....
Apache
Struts
4.3
CVSSv2
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12....
Apache
Struts
1 Github repository available
2 Articles available
4.3
CVSSv2
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/....
Apache
Struts
10
CVSSv2
CVE-2016-3082
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter....
Apache
Struts
7.5
CVSSv2
CVE-2016-3087
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
5 Github repositories available
9
CVSSv2
CVE-2016-0785
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation....
Apache
Struts
4.3
CVSSv2
CVE-2008-6682
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href...
Apache
Struts
9.3
CVSSv2
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
26 Github repositories available
1 Article available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-20398
CVE-2019-19363
CVE-2020-7939
zonedirector 1200 firmware
CVE-2020-0601
information disclosure
CVE-2011-3622
libyang
path traversal
type confusion
CVE-2007-6758
ruckuswireless
cesnet
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon