Struts@2.0.6 Security Vulnerabilities and Issues — Struts@2.0.6 CVE List

Lucene search

ApacheStruts2.0.6

3 matches found

CVE•added 2009/03/23 2:19 p.m.•84 views

CVE-2008-6504

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements an...

5CVSS6.8AI score0.65077EPSS

CVE•added 2009/03/23 2:19 p.m.•65 views

CVE-2008-6505

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in...

5CVSS6.8AI score0.5752EPSS

CVE•added 2009/04/09 3:8 p.m.•50 views

CVE-2008-6682

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2...

4.3CVSS5.7AI score0.01223EPSS