Struts@2.3.15 Security Vulnerabilities and Issues — Struts@2.3.15 CVE List

Lucene search

ApacheStruts2.3.15

5 matches found

CVE•added 2016/04/26 2:59 p.m.•209 views

CVE-2016-3081

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

9.3CVSS8.2AI score0.94025EPSS

CVE•added 2016/04/26 2:59 p.m.•76 views

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

10CVSS9.6AI score0.27347EPSS

CVE•added 2016/10/03 3:59 p.m.•74 views

CVE-2016-4436

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

9.8CVSS8.5AI score0.06115EPSS

CVE•added 2016/06/07 6:59 p.m.•68 views

CVE-2016-3093

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

5.3CVSS5.3AI score0.04652EPSS

CVE•added 2016/04/12 4:59 p.m.•54 views

CVE-2016-2162

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

6.1CVSS5.8AI score0.06525EPSS