Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....
Apache Struts 2.3.28
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.24.3
Apache Struts 2.3.24.1
Apache Struts 2.3.24
Apache Struts 2.3.20.3
4.3
CVSSv2
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12....
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.8
Apache Struts 2.5.10
Apache Struts 2.5.2
Apache Struts 2.5.1
Apache Struts 2.5.10.1
1 Github repository available
3 Articles available
5
CVSSv2
CVE-2015-5209
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object....
Apache Struts 2.0.0
Apache Struts 2.0.1
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.1.0
Apache Struts 2.1.1
Apache Struts 2.1.8.1
Apache Struts 2.2.1
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.20
Apache Struts 2.3.20.1
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.0.10
Apache Struts 2.0.11
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.1.3
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.3.5
Apache Struts 2.3.6
Apache Struts 2.3.13
Apache Struts 2.3.14
Apache Struts 2.3.15.3
Apache Struts 2.3.16
Apache Struts 2.3.20.2
Apache Struts 2.3.21
Apache Struts 2.3.24
Apache Struts 2.0.6
Apache Struts 2.0.7
Apache Struts 2.0.13
Apache Struts 2.0.14
Apache Struts 2.1.6
Apache Struts 2.1.8
Apache Struts 2.3.1.1
Apache Struts 2.3.1.2
Apache Struts 2.3.9
Apache Struts 2.3.10
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.3.16.3
Apache Struts 2.3.17
Apache Struts 2.3.19
Apache Struts 2.0.4
Apache Struts 2.0.5
Apache Struts 2.0.11.2
Apache Struts 2.0.12
Apache Struts 2.1.4
Apache Struts 2.1.5
Apache Struts 2.2.3.1
Apache Struts 2.3.1
Apache Struts 2.3.7
Apache Struts 2.3.8
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.22
Apache Struts 2.3.23
7.5
CVSSv2
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....
Apache Struts 2.0.3
Apache Struts 2.0.5
Apache Struts 2.0.11.1
Apache Struts 2.0.12
Apache Struts 2.1.4
Apache Struts 2.1.6
Apache Struts 2.2.3
Apache Struts 2.3.1
Apache Struts 2.3.6
Apache Struts 2.3.8
Apache Struts 2.3.14.1
Apache Struts 2.3.14.3
Apache Struts 2.3.5
Apache Struts 2.1.0
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.16
Apache Struts 2.3.17
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.1.2
Apache Struts 2.3.24.3
Apache Struts 2.0.1
Apache Struts 2.3.15.2
Apache Struts 2.0.2
Apache Struts 2.3.4.1
Apache Struts 2.0.14
Apache Struts 2.3.15.1
Apache Struts 2.3.16.2
Apache Struts 2.5.3
Apache Struts 2.3.26
Apache Struts 2.3.27
Apache Struts 2.3.1.2
Apache Struts 2.3.21
Apache Struts 2.3.15.3
Apache Struts 2.1.1
Apache Struts 2.3.1.1
Apache Struts 2.0.9
Apache Struts 2.5.9
Apache Struts 2.2.3.1
Apache Struts 2.3.20.2
Apache Struts 2.5
Apache Struts 2.5.2
Apache Struts 2.3.14
Apache Struts 2.0.8
Apache Struts 2.3.32
Apache Struts 2.0.7
Apache Struts 2.0.4
Apache Struts 2.3.13
Apache Struts 2.2.1
Apache Struts 2.3.24.2
Apache Struts 2.3.22
Apache Struts 2.5.6
Apache Struts 2.3.9
Apache Struts 2.1.8.1
Apache Struts 2.3.16.3
Apache Struts 2.1.3
Apache Struts 2.3.23
Apache Struts 2.1.5
Apache Struts 2.3.19
Apache Struts 2.1.8
Apache Struts 2.3.20.1
Apache Struts 2.3.30
Apache Struts 2.3.7
Apache Struts 2.3.28.1
Apache Struts 2.5.4
Apache Struts 2.3.14.2
Apache Struts 2.5.7
Apache Struts 2.5.5
Apache Struts 2.3.10
Apache Struts 2.0.11
Apache Struts 2.3.12
Apache Struts 2.2.1.1
Apache Struts 2.0.11.2
Apache Struts 2.0.13
Apache Struts 2.3.31
Apache Struts 2.3.20
Apache Struts 2.3.11
Apache Struts 2.3.16.1
Apache Struts 2.0.6
Apache Struts 2.0.10
Apache Struts 2.3.33
Apache Struts 2.3.28
Apache Struts 2.5.10
Apache Struts 2.3.29
Apache Struts 2.5.1
Apache Struts 2.5.8
13 Github repositories available
4 Articles available
5
CVSSv2
CVE-2017-9787
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33....
Apache Struts 2.3.12
Apache Struts 2.3.13
Apache Struts 2.3.15.2
Apache Struts 2.3.15.3
Apache Struts 2.3.20.1
Apache Struts 2.3.20.2
Apache Struts 2.3.24.2
Apache Struts 2.3.24.3
Apache Struts 2.3.30
Apache Struts 2.3.31
Apache Struts 2.3.32
Apache Struts 2.5.6
Apache Struts 2.5.9
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.14
Apache Struts 2.3.16
Apache Struts 2.3.24.1
Apache Struts 2.3.29
Apache Struts 2.3.19
Apache Struts 2.3.24
Apache Struts 2.5.1
Apache Struts 2.3.28.1
Apache Struts 2.3.20.3
Apache Struts 2.5.7
Apache Struts 2.5
Apache Struts 2.3.10
Apache Struts 2.3.15.1
Apache Struts 2.3.16.2
Apache Struts 2.3.26
Apache Struts 2.3.21
Apache Struts 2.3.20
Apache Struts 2.3.11
Apache Struts 2.3.16.1
Apache Struts 2.5.8
Apache Struts 2.3.14.1
Apache Struts 2.3.28
Apache Struts 2.5.2
Apache Struts 2.3.17
Apache Struts 2.5.10
Apache Struts 2.3.22
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.14.3
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.5.4
Apache Struts 2.3.14.2
Apache Struts 2.5.5
Apache Struts 2.5.3
Apache Struts 2.3.27
Apache Struts 2.5.10.1
1 Github repository available
3 Articles available
5
CVSSv2
CVE-2017-9804
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. ...
Apache Struts 2.5.12
Apache Struts 2.3.7
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.21
Apache Struts 2.3.22
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5
Apache Struts 2.3.15
Apache Struts 2.3.25
Apache Struts 2.3.32
Apache Struts 2.3.24.2
Apache Struts 2.3.17
Apache Struts 2.3.9
Apache Struts 2.3.16.3
Apache Struts 2.3.23
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
Apache Struts 2.3.14.3
Apache Struts 2.3.19
Apache Struts 2.3.8
Apache Struts 2.5.4
Apache Struts 2.5.7
Apache Struts 2.3.10
Apache Struts 2.3.15.1
Apache Struts 2.5.3
Apache Struts 2.3.26
Apache Struts 2.3.12
Apache Struts 2.3.20
Apache Struts 2.3.11
Apache Struts 2.5.8
Apache Struts 2.3.33
Apache Struts 2.5.9
Apache Struts 2.3.28
Apache Struts 2.3.20.2
Apache Struts 2.5.2
Apache Struts 2.3.14
Apache Struts 2.3.13
Apache Struts 2.3.16
Apache Struts 2.5.10
Apache Struts 2.5.6
Apache Struts 2.3.20.1
Apache Struts 2.3.30
Apache Struts 2.5.1
Apache Struts 2.5.5
Apache Struts 2.3.27
Apache Struts 2.3.31
Apache Struts 2.3.15.3
Apache Struts 2.5.10.1
2 Github repositories available
4 Articles available
5.8
CVSSv2
CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix....
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.3.14.3
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.3.1.1
Apache Struts 2.0.0
Apache Struts 2.3.8
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.0.12
Apache Struts 2.2.3.1
Apache Struts 2.3.15
Apache Struts 2.3.14
Apache Struts 2.0.7
Apache Struts 2.0.4
Apache Struts 2.1.8.1
Apache Struts 2.3.3
Apache Struts 2.3.4
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.1.5
Apache Struts 2.0.1
Apache Struts 2.1.8
Apache Struts 2.3.4.1
Apache Struts 2.3.7
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.0.5
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.0.6
Apache Struts 2.0.10
Apache Struts 2.3.14.1
Apache Struts 2.0.8
Apache Struts 2.0.2
Apache Struts 2.0.3
Apache Struts 2.3.14.2
Apache Struts 2.0.14
Apache Struts 2.2.3
Apache Struts 2.2.1.1
Apache Struts 2.0.13
1 EDB exploit available
5
CVSSv2
CVE-2015-0899
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter....
Apache Struts 1.3.10
Apache Struts 1.2.9
Apache Struts 1.1
Apache Struts 1.2.6
Apache Struts 1.2.4
Apache Struts 1.0.2
Apache Struts 1.0
Apache Struts 1.2.8
Apache Struts 1.2.7
Apache Struts 1.3.8
Apache Struts 1.3.5
Apache Struts 1.2.2
2 Github repositories available
5
CVSSv2
CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression....
Apache Struts 2.0.6
Apache Struts 2.1.5
Apache Struts 2.0.12
Apache Struts 2.1.6
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.3.1
Apache Struts 2.3.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.3.4
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.8
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.2.1.1
Apache Struts 2.2.3
Apache Struts 2.0.5
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.3.1.2
Apache Struts 2.3.3
4.3
CVSSv2
CVE-2011-2087
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related...
Apache Struts 2.1.4
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.5
Apache Struts 2.2.1.1
Apache Struts 2.0.8
Apache Struts 2.1.5
Apache Struts 2.0.12
Apache Struts 2.0.9
Apache Struts 2.1.0
Apache Struts 2.0.0
Apache Struts 2.0.7
Apache Struts 2.0.4
Apache Struts 2.1.8.1
Apache Struts 2.0.1
Apache Struts 2.1.8
Apache Struts 2.0.11.1
Apache Struts 2.0.11
Apache Struts 2.1.6
Apache Struts 2.0.11.2
Apache Struts 2.0.13
Apache Struts 2.1.1
Apache Struts 2.0.6
Apache Struts 2.0.10
2 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-36542
NULL pointer dereference
CVE-2021-3490
CVE-2021-36934
code injection
SSRF
CVE-2021-34632
CVE-2021-33325
CVE-2021-27503
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulmon