Lucene search
K

6 matches found

CVE
CVE
added 2012/01/08 3:0 p.m.1144 views

CVE-2012-0391

CVE-2012-0391 affects Apache Struts 2 before 2.2.3.1, where the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types, enabling remote code execution via a crafted parameter. Multiple sources (CVE entry, CISA KEV, GHSA advis...

9.8CVSS8.5AI score0.75071EPSS
In wildWeb
CVE
CVE
added 2006/03/30 10:0 p.m.1107 views

CVE-2006-1547

CVE-2006-1547 affects Apache Struts 1.x before 1.2.9 when used with BeanUtils 1.7. The vulnerability arises from ActionForm handling a multipart/form-data form where a parameter name references getMultipartRequestHandler, granting access to elements in CommonsMultipartRequestHandler and BeanUtils...

7.8CVSS7.2AI score0.54635EPSS
In wild
CVE
CVE
added 2020/12/16 1:5 a.m.344 views

CVE-2020-26259

CVE-2020-26259 affects XStream in IBM Storage Copy Data Management (2.2.0.0–2.2.25.0). Unmarshalling user-supplied data could allow arbitrary file deletion on the host if the process runs with sufficient privileges. IBM’s remediation for the affected products is to upgrade to 2.2.26.0 (Linux) and...

6.8CVSS7.5AI score0.82392EPSS
CVE
CVE
added 2020/12/16 1:5 a.m.321 views

CVE-2020-26258

CVE-2020-26258 is a Server-Side Forgery/SSRF via XStream unmarshalling in versions prior to 1.4.15. Public docs corroborate exploitation possible by crafted input streams to access internal resources, with Java 15+ mitigating the issue and a whitelist-based Security Framework recommended over the...

7.7CVSS8.1AI score0.82238EPSS
CVE
CVE
added 2023/06/14 7:50 a.m.129 views

CVE-2023-34396

CVE-2023-34396 affects Apache Struts; a DoS condition arises when processing multipart requests with non-file fields, allowing remote attackers to exhaust resources. The entry covers Struts up to 2.5.30 and 6.1.2, with remediation by upgrading to Struts 2.5.31 or 6.1.2.1 (or later). IBM security ...

7.5CVSS5.7AI score0.05467EPSS
CVE
CVE
added 2023/06/14 7:48 a.m.98 views

CVE-2023-34149

CVE-2023-34149 describes a denial-of-service flaw in Apache Struts caused by a vulnerability in how setProperty() is handled compared to getProperty(). The issue affects Struts up to 2.5.30 and up to 6.1.2, with remediation available by upgrading to Struts 2.5.31 or 6.1.2.1 (or greater). IBM and ...

6.5CVSS5.4AI score0.05403EPSS