struts vulnerabilities and exploits

(subscribe to this query)

5.8

CVSSv2

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.0.0 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.12 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.8 Apache Struts 2.3.3 Apache Struts 2.3.42 Github repositories available

5

CVSSv2

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....

Apache Struts 2.5.10.1 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.12 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5.3 Apache Struts 2.5.44 Github repositories available4 Articles available

7.5

CVSSv2

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up....

Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.3.20.1 Apache Struts 2.3.20.3 Apache Struts 2.5 Apache Struts 2.3.15.2 Apache Struts 2.3.15 Apache Struts 2.3.8 Apache Struts 2.3.4.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.0 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.3.24.3 Apache Struts 2.3.28 Apache Struts 2.3.16 Apache Struts 2.3.15.3 Apache Struts 2.3.12 Apache Struts 2.3.7 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.0.14 Apache Struts 2.0.12 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.20 Apache Struts 2.3.16.3 Apache Struts 2.3.15.1 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.11 Apache Struts 2.3.28.1

7.5

CVSSv2

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage....

6.8

CVSSv2

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...

5

CVSSv2

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....

Apache Struts 1.3.10 Apache Struts 1.2.9 Apache Struts 1.1 Apache Struts 1.2.6 Apache Struts 1.2.4 Apache Struts 1.0.2 Apache Struts 1.0 Apache Struts 1.2.8 Apache Struts 1.2.7 Apache Struts 1.3.8 Apache Struts 1.3.5 Apache Struts 1.2.22 Github repositories available

10

CVSSv2

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors....

Apache Struts 2.3.12 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.3.1 Apache Struts 2.0.9 Apache Struts 2.0.8 Apache Struts 2.0.7 Apache Struts 2.0.6 Apache Struts 2.0.0 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.4 Apache Struts 2.3.3 Apache Struts 2.3.15 Apache Struts 2.1.8.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.1.5 Apache Struts 2.1.4 Apache Struts 2.0.14 Apache Struts 2.0.13 Apache Struts 2.0.12 Apache Struts 2.0.11.2 Apache Struts 2.3.7 Apache Struts 2.3.14.3 Apache Struts 2.3.14.1 Apache Struts 2.2.3 Apache Struts 2.2.1 Apache Struts 2.1.2 Apache Struts 2.1.0 Apache Struts 2.0.5 Apache Struts 2.0.3 Apache Struts 2.0.11 Apache Struts 2.0.1 Apache Struts 2.3.8 Apache Struts 2.3.14.2 Apache Struts 2.3.14 Apache Struts 2.2.3.1 Apache Struts 2.2.1.1 Apache Struts 2.1.3 Apache Struts 2.1.1 Apache Struts 2.0.4 Apache Struts 2.0.2 Apache Struts 2.0.11.1 Apache Struts 2.0.10 Oracle Webcenter Sites 11.1.1.6.1 Oracle Flexcube Private Banking 3.0 Oracle Flexcube Private Banking 1.7 Oracle Mysql Enterprise Monitor Oracle Flexcube Private Banking 2.2.0.1 Oracle Flexcube Private Banking 12.0.1 Oracle Flexcube Private Banking 2.0.1 Oracle Webcenter Sites 11.1.1.8.0 Oracle Flexcube Private Banking 12.0.2 Oracle Flexcube Private Banking 2.01 Github repository available1 Article available

5

CVSSv2

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....

Apache Struts 2.3.28 Apache Struts 2.3.20.1 Apache Struts 2.3.20 Apache Struts 2.3.24.3 Apache Struts 2.3.24.1 Apache Struts 2.3.24 Apache Struts 2.3.20.3

4.3

CVSSv2

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12....

Apache Struts 2.5 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.10 Apache Struts 2.5.2 Apache Struts 2.5.1 Apache Struts 2.5.10.11 Github repository available3 Articles available

Get Started

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook