Apache

Struts

87 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2013-2134

  • EPSS 90.72%
  • Published 16.07.2013 18:55:01
  • Last modified 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

9.3

CVE-2013-2115

  • EPSS 91.3%
  • Published 10.07.2013 19:55:04
  • Last modified 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix...

9.3

CVE-2013-1966

  • EPSS 90.95%
  • Published 10.07.2013 19:55:04
  • Last modified 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

9.3

CVE-2013-1965

  • EPSS 91.33%
  • Published 10.07.2013 19:55:04
  • Last modified 11.04.2025 00:51:21

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

5

CVE-2012-4387

  • EPSS 12.94%
  • Published 05.09.2012 23:55:02
  • Last modified 11.04.2025 00:51:21

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

6.8

CVE-2012-4386

  • EPSS 3.24%
  • Published 05.09.2012 23:55:02
  • Last modified 11.04.2025 00:51:21

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configurati...

10

CVE-2012-0838

  • EPSS 25.9%
  • Published 02.03.2012 22:55:01
  • Last modified 11.04.2025 00:51:21

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

4.3

CVE-2012-1007

Exploit
  • EPSS 17.69%
  • Published 07.02.2012 04:09:20
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-co...

4.3

CVE-2012-1006

  • EPSS 84.49%
  • Published 07.02.2012 04:09:20
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) cl...

5

CVE-2011-5057

  • EPSS 59.58%
  • Published 08.01.2012 17:55:00
  • Last modified 11.04.2025 00:51:21

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted par...