Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
5
CVSSv2
CVE-2017-9793
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload....
Apache
Struts
1 Github repository available
3 Articles available
7.5
CVSSv2
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up....
Apache
Struts
7.8
CVSSv2
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides...
Apache
Struts
1 Github repository available
5
CVSSv2
CVE-2011-5057
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that...
Apache
Struts
1 EDB exploit available
6.5
CVSSv2
CVE-2016-3090
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling....
Apache
Struts
7.5
CVSSv2
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage....
Apache
Struts
2 EDB exploits available
1 Metasploit module available
21 Github repositories available
2 Articles available
5.8
CVSSv2
CVE-2014-0116
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request....
Apache
Struts
2 Github repositories available
7.5
CVSSv2
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack....
Apache
Struts
7 Github repositories available
3 Articles available
5
CVSSv2
CVE-2015-5209
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object....
Apache
Struts
5.8
CVSSv2
CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix....
Apache
Struts
1 EDB exploit available
2 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-20398
CVE-2019-19363
CVE-2020-7939
zonedirector 1200 firmware
CVE-2020-0601
information disclosure
CVE-2011-3622
libyang
path traversal
type confusion
CVE-2007-6758
ruckuswireless
cesnet
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »
Vulmon