Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
struts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0838
Apache Struts 2 prior to 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote malicious users to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Apache Struts
8.8
CVSSv3
CVE-2016-0785
Apache Struts 2.x prior to 2.3.28 allows remote malicious users to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Apache Struts
NA
CVE-2013-1966
Apache Struts 2 prior to 2.3.14.2 allows remote malicious users to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
Apache Struts
1 EDB exploit
NA
CVE-2013-2134
Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
Apache Struts
1 EDB exploit
6.1
CVSSv3
CVE-2016-4003
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE prior to 1.8, as used in Apache Struts 2.x prior to 2.3.28, when using a single byte page encoding, allows remote malicious users to inject arbitrary web script or HTML via multi-byte characters in a url-e...
Apache Struts
NA
CVE-2012-0394
The DebuggingInterceptor component in Apache Struts prior to 2.3.1.1, when developer mode is used, allows remote malicious users to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Apache Struts
2 EDB exploits
NA
CVE-2015-1831
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.
Apache Struts 2.3.20
NA
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote malicious users to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
Apache Struts 2.3.15.3
NA
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
Apache Struts 1.2.7
1 EDB exploit
8.8
CVSSv3
CVE-2012-1592
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
Apache Struts 2.0.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »