Struts@* Security Vulnerabilities and Issues — Struts@* CVE List

Lucene search

ApacheStruts*

13 matches found

CVE•added 2017/03/11 2:59 a.m.•1640 views

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Co...

10CVSS9.2AI score0.94267EPSS

CVE•added 2017/09/15 7:29 p.m.•1399 views

CVE-2017-9805

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

8.1CVSS8.4AI score0.9439EPSS

CVE•added 2017/07/10 4:29 p.m.•1062 views

CVE-2017-9791

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

9.8CVSS9.4AI score0.94263EPSS

CVE•added 2017/09/20 5:29 p.m.•414 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

9.8CVSS9.3AI score0.94295EPSS

CVE•added 2017/07/13 3:29 p.m.•110 views

CVE-2017-7672

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

5.9CVSS6.2AI score0.01132EPSS

CVE•added 2017/07/13 3:29 p.m.•103 views

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

7.5CVSS7.4AI score0.13883EPSS

CVE•added 2017/09/20 5:29 p.m.•103 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

7.5CVSS7.4AI score0.13427EPSS

CVE•added 2017/09/20 5:29 p.m.•102 views

CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerabil...

7.5CVSS6.4AI score0.12074EPSS

CVE•added 2017/09/20 5:29 p.m.•95 views

CVE-2016-6795

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

9.8CVSS9.5AI score0.12481EPSS

CVE•added 2017/12/01 4:29 p.m.•86 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

6.2CVSS6.2AI score0.02482EPSS

CVE•added 2017/09/20 5:29 p.m.•66 views

CVE-2016-8738

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

5.9CVSS5.5AI score0.006EPSS

CVE•added 2017/09/25 9:29 p.m.•63 views

CVE-2015-5169

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.

6.1CVSS5.9AI score0.01559EPSS

CVE•added 2017/10/16 4:29 p.m.•58 views

CVE-2016-4461

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

9CVSS8.8AI score0.33397EPSS