Lucene search

Struts Security Vulnerabilities - 2020

cve

CVE-2015-2992

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

6.1CVSS

5.8AI Score

0.006EPSS

2020-02-27 06:15 PM

cve

CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

9.8CVSS

9.5AI Score

0.954EPSS

2020-09-14 05:15 PM

278

In Wild

cve

CVE-2019-0233

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

7.5CVSS

8.1AI Score

0.098EPSS

2020-09-14 05:15 PM

102

cve

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

9.8CVSS

9.6AI Score

0.973EPSS

2020-12-11 02:15 AM

1216

In Wild