Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2)...
Apache Struts 2.0.11.1
Apache Struts 2.0.11.2
Apache Struts 2.0.6
Apache Struts 2.0.8
Apache Struts 2.1.2 Beta
Apache Struts 2.0.9
Apache Struts 2.0.11
1 EDB exploit available
NA
CVE-2008-2025
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to...
Apache Struts 1.1
Apache Struts 1.2.7
Apache Struts 1.2.8
Apache Struts 1.2.4
Apache Struts 1.0.2
NA
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to...
Apache Struts 2.0.14
Apache Struts 2.2.3
1 EDB exploit available
NA
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides...
Apache Struts 1.2.7
Apache Struts
1 Github repository available
1 Article available
NA
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE:...
Apache Struts
1 EDB exploit available
5 Github repositories available
NA
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method....
Apache Struts
1 EDB exploit available
5 Github repositories available
8.8
CVSSv3
CVE-2016-0785
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation....
Apache Struts
2 Github repositories available
NA
CVE-2013-2135
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice....
Apache Struts
3 Github repositories available
7.5
CVSSv3
CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described...
Apache Struts
6 Github repositories available
NA
CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter....
Apache Struts
2 EDB exploits available
1 Metasploit module available
1 Github repository available
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21012
CVE-2023-21075
CVE-2021-3923
CVE-2023-25664
CVE-2023-21034
dos
CVE-2022-46169
unprivileged
reflected XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »