struts vulnerabilities and exploits

(subscribe to this query)

10

CVSSv3

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...

Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.10 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.2 Apache Struts 2.3.20.3 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.5 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.5.4 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.10 Apache Struts 2.5.3 Apache Struts 2.5.5 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5 Apache Struts 2.5.1 Apache Struts 2.5.22 EDB exploits available1 Metasploit module available85 Github repositories available6 Articles available

8.1

CVSSv3

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....

Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.10.1 Apache Struts 2.5.11 Apache Struts 2.1.2 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.5.12 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.12 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.24.1 Apache Struts 2.3.24.3 Apache Struts 2.3.33 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.20.3 Apache Struts 2.3.24 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.5.7 Apache Struts 2.5.81 EDB exploit available1 Metasploit module available76 Github repositories available13 Articles available

NA

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....

Apache Struts 2.0.1 Apache Struts 2.0.10 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.4.1 Apache Struts 2.3.7 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.0.0 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.3.1.2 Apache Struts 2.3.12 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.8 Apache Struts 2.3.3 Apache Struts 2.3.45 Github repositories available

9.8

CVSSv3

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up....

Apache Struts 2.3.16.2 Apache Struts 2.3.16.1 Apache Struts 2.3.14.1 Apache Struts 2.3.14 Apache Struts 2.3.1.2 Apache Struts 2.3.1.1 Apache Struts 2.1.8 Apache Struts 2.1.6 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.3.20.1 Apache Struts 2.3.20.3 Apache Struts 2.5 Apache Struts 2.3.15.2 Apache Struts 2.3.15 Apache Struts 2.3.8 Apache Struts 2.3.4.1 Apache Struts 2.2.3 Apache Struts 2.2.1.1 Apache Struts 2.0.11.2 Apache Struts 2.0.11.1 Apache Struts 2.0.0 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.3.24.3 Apache Struts 2.3.28 Apache Struts 2.3.16 Apache Struts 2.3.15.3 Apache Struts 2.3.12 Apache Struts 2.3.7 Apache Struts 2.3.1 Apache Struts 2.2.3.1 Apache Struts 2.0.14 Apache Struts 2.0.12 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.20 Apache Struts 2.3.16.3 Apache Struts 2.3.15.1 Apache Struts 2.3.14.3 Apache Struts 2.3.14.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.2.1 Apache Struts 2.1.8.1 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.9 Apache Struts 2.0.11 Apache Struts 2.3.28.1

7.5

CVSSv3

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....

Apache Struts 2.5.10.1 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.5 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.23 Apache Struts 2.3.24.2 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.12 Apache Struts 2.3.7 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.5.3 Apache Struts 2.5.45 Github repositories available4 Articles available

NA

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...

9.8

CVSSv3

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage....

NA

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...

7.5

CVSSv3

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....

Apache Struts 2.3.28 Apache Struts 2.3.20.1 Apache Struts 2.3.20 Apache Struts 2.3.24.3 Apache Struts 2.3.24.1 Apache Struts 2.3.24 Apache Struts 2.3.20.3

Get Started

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook