2549 matches found

F5 Networks
added 2023/02/21 7:45 p.m., 44 views

K15260: Apache Struts vulnerability CVE-2014-0094

Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...

CVSS: 5 | AI score: 9.3 | EPSS: 0.99614 | Exploits: 7

F5 Networks
added 2023/02/21 7:45 p.m., 34 views

K74571223: Apache Struts vulnerability CVE-2016-8738

Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.03347 | Exploits: 0

F5 Networks
added 2023/02/21 7:41 p.m., 29 views

K17563: Apache Struts vulnerability CVE-2015-2992

Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

CVSS: 6.1 | AI score: 7 | EPSS: 0.07203 | Exploits: 0

F5 Networks
added 2023/02/21 7:33 p.m., 225 views

K10506844: Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

Security Advisory Description CVE-2013-1966 Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. CVE-2013-2115 Apache Struts 2 before 2.3.14.2 allow...

CVSS: 9.3 | AI score: 9.1 | EPSS: 0.72778 | Exploits: 12

F5 Networks
added 2023/02/21 7:31 p.m., 31 views

K16334: Apache Struts vulnerability CVE-2013-4316

Security Advisory Description Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. CVE-2013-4316 Impact None Status To determine if your release is known to be vulnerable, the components or features that are...

CVSS: 10 | AI score: 4.6 | EPSS: 0.08623 | Exploits: 1

F5 Networks
added 2023/02/21 7:25 p.m., 40 views

K17449: Apache Struts 2 vulnerability CVE-2015-5169

Security Advisory Description Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.08027 | Exploits: 0

F5 Networks
added 2023/02/21 7:4 p.m., 29 views

K16827: Apache Struts vulnerability CVE-2015-1831

Security Advisory Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts; if default settings are used, an attacker can compromise the application's internal state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.06312 | Exploits: 0

F5 Networks
added 2023/02/21 7:0 p.m., 37 views

K27638900: Apache Struts vulnerability CVE-2017-15707

Security Advisory Description In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload. CVE-2017-15707 Impact There is no impact; F5 products are not affecte...

CVSS: 6.2 | AI score: 6.6 | EPSS: 0.04889 | Exploits: 2

F5 Networks
added 2023/02/21 6:55 p.m., 91 views

K65417229: Apache Struts vulnerability CVE-2017-7525

Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.37925 | Exploits: 7

F5 Networks
added 2023/02/21 6:54 p.m., 30 views

K93174402: Apache Struts 2 vulnerability CVE-2016-3090

Security Advisory Description The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. CVE-2016-3090 Impact There is no impact; F5 products are not affected by this...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.06142 | Exploits: 0

F5 Networks
added 2023/02/21 6:54 p.m., 46 views

K23432135: Apache Struts 2 vulnerability CVE-2016-3093

Security Advisory Description Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. CVE-2016-3093 Impact The Object-Graph...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.10818 | Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/21 6:53 p.m., 82 views

K20127031: Apache Struts vulnerability CVE-2012-0391

Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.75071 | Exploits: 11

F5 Networks
added 2023/02/21 6:53 p.m., 154 views

K00503780: Apache Struts 2 vulnerability CVE-2017-7672

Security Advisory Description If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. The solution is to upgrade to Apache Struts version...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.09362 | Exploits: 0

F5 Networks
added 2023/02/21 6:53 p.m., 88 views

K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804

Security Advisory Description CVE-2017-9793 The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload. CVE-2017-9804 In Apache Stru...

CVSS: 7.5 | AI score: 7 | EPSS: 0.09507 | Exploits: 23

F5 Networks
added 2023/02/21 6:53 p.m., 181 views

K45474286: Apache Struts Freemarker Remote Code Execution vulnerability CVE-2017-12611

Security Advisory Description In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. CVE-2017-12611 Impact There is no impact; F5 products are not affected by this vulnerability...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.8802 | Exploits: 6

F5 Networks
added 2023/02/21 6:49 p.m., 164 views

K14933: Apache Struts vulnerability CVE-2013-2251

Security Advisory Description Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. CVE-2013-2251 Impact None Security Advisory Status To determine if your release is kno...

CVSS: 9.8 | AI score: 8 | EPSS: 0.99998 | Exploits: 18

F5 Networks
added 2023/02/21 6:47 p.m., 500 views

K84144321: Apache Struts vulnerability CVE-2017-9805

Security Advisory Description The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.99461 | Exploits: 23

F5 Networks
added 2023/02/21 6:47 p.m., 34 views

K65065347: Apache Struts vulnerability CVE-2018-1327

Security Advisory Description The Apache Struts REST Plugin is using the XStream library, which is vulnerable and allows a DoS attack when using a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.09224 | Exploits: 1

F5 Networks
added 2023/02/21 6:47 p.m., 47 views

K35226442: Apache Struts vulnerabilities CVE-2019-0233 and CVE-2019-0230

Security Advisory Description CVE-2019-0233 An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, ma...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.97399 | Exploits: 15 | Affected Software: 1

F5 Networks
added 2023/02/21 6:35 p.m., 202 views

K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

Security Advisory Description CVE-2020-17530 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25. CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Stru...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.95922 | Exploits: 16 | Affected Software: 1