Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
7.5
CVSSv2
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
3 Github repositories available
1 Article available
4.3
CVSSv2
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache
Struts
5
CVSSv2
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
7 Github repositories available
1 Article available
4.3
CVSSv2
CVE-2016-8738
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL....
Apache
Struts
4.3
CVSSv2
CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or...
Apache
Struts
1 EDB exploit available
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
2 Github repositories available
1 Article available
5
CVSSv2
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....
Apache
Struts
2 Github repositories available
5
CVSSv2
CVE-2016-4433
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request....
Apache
Struts
9.3
CVSSv2
CVE-2013-2115
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
1 Github repository available
6.8
CVSSv2
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism....
Apache
Struts
3 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
apq8009 firmware
CVE-2020-7211
LFI
CVE-2019-18187
CVE-2019-19413
CVE-2020-0674
CVE-2019-14768
CVE-2011-3621
qualcomm
man-in-the-middle
path traversal
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulmon