Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted ...
Apache Struts
8 Github repositories
NA
CVE-2014-0113
CookieInterceptor in Apache Struts prior to 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote malicious users to "manipulate" the ClassLoader and execute arbitrary code via a crafted request....
Apache Struts
1 EDB exploit
NA
CVE-2014-0094
The ParametersInterceptor in Apache Struts prior to 2.3.16.2 allows remote malicious users to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Apache Struts
2 EDB exploits
4 Github repositories
7.5
CVSSv3
CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: up to and including 2.5.30, up to and including 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
Apache Struts
NA
CVE-2012-0392
The CookieInterceptor component in Apache Struts prior to 2.3.1.1 does not use the parameter-name whitelist, which allows remote malicious users to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
Apache Struts
1 EDB exploit
NA
CVE-2012-0393
The ParameterInterceptor component in Apache Struts prior to 2.3.1.1 does not prevent access to public constructors, which allows remote malicious users to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Apache Struts
1 EDB exploit
NA
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Apache Struts
2 EDB exploits
NA
CVE-2011-5057
Apache Struts 2.3.1.2 and previous versions, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote malicious users to modify run-time data values via a crafted parameter to an a...
Apache Struts
1 EDB exploit
NA
CVE-2012-0391
The ExceptionDelegator component in Apache Struts prior to 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote malicious users to execute arbitrary Java code via a crafted parameter...
Apache Struts
2 EDB exploits
6.1
CVSSv3
CVE-2015-2992
Apache Struts prior to 2.3.20 has a cross-site scripting (XSS) vulnerability.
Apache Struts
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-9553
CVE-2024-47332
CVE-2024-47360
remote code execution
CVE-2024-45409
CVE-2024-45519
overflow
CVE-2024-47371
stored XSS
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »