Struts@2.3.25 Security Vulnerabilities and Issues — Struts@2.3.25 CVE List

Lucene search

ApacheStruts2.3.25

5 matches found

CVE•added 2017/09/20 5:29 p.m.•414 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

9.8CVSS9.3AI score0.94295EPSS

CVE•added 2017/07/13 3:29 p.m.•103 views

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

7.5CVSS7.4AI score0.13883EPSS

CVE•added 2017/09/20 5:29 p.m.•103 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

7.5CVSS7.4AI score0.13427EPSS

CVE•added 2017/09/20 5:29 p.m.•102 views

CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerabil...

7.5CVSS6.4AI score0.12074EPSS

CVE•added 2017/09/20 5:29 p.m.•95 views

CVE-2016-6795

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

9.8CVSS9.5AI score0.12481EPSS