SUSE CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

SUSE CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

Exploit for Deserialization of Untrusted Data in Apache Struts

CVE-2017-9805 CVE-2017-9805 POC The issue comes fro...

org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.15), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.15.1) +3 more potentially affected by CVE-2013-4316 via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.15.1)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =2.0-RC3 Source cves: CVE-2013-4316 Source advisory: OSV:GHSA-J7H6-XR7G-M2C5...

org.apache.struts:struts2-assembly (>=2.3.1.1 <=2.3.28.1), org.apache.struts:struts2-rest-showcase (>=2.3.1.1 <=2.3.28.1) +2 more potentially affected by CVE-2016-4438 via org.apache.struts:struts2-rest-plugin (>=2.3.1.1 <=2.3.28.1)

org.apache.struts:struts2-rest-plugin MAVEN version =2.3.1.1, =2.3.1.1, =2.3.1.1, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2016-4438 Source advisory: OSV:GHSA-4PRJ-VW9J-V6PR...

org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.33), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.33) +5 more potentially affected by CVE-2017-9805 via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.33)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2017-9805 Source advisory: OSV:GHSA-GG9M-FJ3V-R58C...

org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.12), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.12) potentially affected by CVE-2017-9805 via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.12 Source cves: CVE-2017-9805 Source advisory: OSV:GHSA-GG9M-FJ3V-R58C...

org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.33), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.33) +5 more potentially affected by CVE-2017-9793 +1 more via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.33)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2017-9793, CVE-2017-9805 Source advisory: OSV:GHSA-VWXJ-6M5M-RRVH...

org.apache.struts:struts2-assembly (>=2.2.1 <=2.5.14.1), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.5.14.1) +5 more potentially affected by CVE-2018-1327 via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.5.14.1)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2018-1327 Source advisory: OSV:GHSA-38CR-2PH5-FRR9...

Denial Of Service (DoS)

Apache Struts REST plugin is vulnerable to denial of service DoS attacks. The application uses a version of the xstream library before version 1.4.10, which can crash when attempting to unmarshal void. This is related to CVE-2017-7957...

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

BSA-2017-429

Security Advisory ID : BSA-2017-429 Component : Struts REST Revision : 2.0: Interim A flaw was found in the Struts REST plugin when using an outdatedXStreamlibrary. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload. Affected Products...

Apache Struts vulnerable to remote code execution

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is...