Apache

Struts

90 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-2251

Warnung Exploit
  • EPSS 94.33%
  • Veröffentlicht 20.07.2013 03:37:30
  • Zuletzt bearbeitet 22.04.2026 14:39:34

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

5.8

CVE-2013-2248

  • EPSS 91.95%
  • Veröffentlicht 20.07.2013 03:37:30
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

9.3

CVE-2013-2135

  • EPSS 83.01%
  • Veröffentlicht 16.07.2013 18:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

9.3

CVE-2013-2134

  • EPSS 91.53%
  • Veröffentlicht 16.07.2013 18:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

9.3

CVE-2013-1965

  • EPSS 91.79%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

9.3

CVE-2013-1966

  • EPSS 91.1%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

9.3

CVE-2013-2115

  • EPSS 87.61%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix...

5

CVE-2012-4387

  • EPSS 7.92%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

6.8

CVE-2012-4386

  • EPSS 3.24%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configurati...

10

CVE-2012-0838

  • EPSS 11.11%
  • Veröffentlicht 02.03.2012 22:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.