Struts@2.3.10 Security Vulnerabilities and Issues — Struts@2.3.10 CVE List

Lucene search

ApacheStruts2.3.10

6 matches found

CVE•added 2017/09/20 5:29 p.m.•414 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

9.8CVSS9.3AI score0.94295EPSS

CVE•added 2017/07/13 3:29 p.m.•103 views

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

7.5CVSS7.4AI score0.13883EPSS

CVE•added 2017/09/20 5:29 p.m.•103 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

7.5CVSS7.4AI score0.13427EPSS

CVE•added 2017/09/20 5:29 p.m.•102 views

CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerabil...

7.5CVSS6.4AI score0.12074EPSS

CVE•added 2017/08/29 3:29 p.m.•69 views

CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

7.5CVSS7.3AI score0.03619EPSS

CVE•added 2017/10/30 2:29 p.m.•46 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

8.8CVSS8.7AI score0.02858EPSS