Struts@2.3.4 Security Vulnerabilities and Issues — Struts@2.3.4 CVE List

Lucene search

ApacheStruts2.3.4

3 matches found

CVE•added 2013/07/20 3:37 a.m.•194 views

CVE-2013-2248

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

5.8CVSS7.9AI score0.93635EPSS

CVE•added 2013/09/30 9:55 p.m.•93 views

CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

10CVSS7.8AI score0.07066EPSS

CVE•added 2013/09/30 9:55 p.m.•71 views

CVE-2013-4310

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

5.8CVSS7.7AI score0.09489EPSS