Struts@2.3.5 Security Vulnerabilities and Issues — Struts@2.3.5 CVE List

Lucene search

ApacheStruts2.3.5

3 matches found

CVE•added 2017/09/20 5:29 p.m.•414 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

9.8CVSS9.3AI score0.94295EPSS

CVE•added 2017/08/29 3:29 p.m.•69 views

CVE-2015-5209

Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

7.5CVSS7.3AI score0.03619EPSS

CVE•added 2017/10/30 2:29 p.m.•46 views

CVE-2016-3090

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

8.8CVSS8.7AI score0.02858EPSS