Apache

Struts

90 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-2251

Warnung Exploit
  • EPSS 94.33%
  • Veröffentlicht 20.07.2013 03:37:30
  • Zuletzt bearbeitet 22.10.2025 01:15:48

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

5.8

CVE-2013-2248

  • EPSS 93.18%
  • Veröffentlicht 20.07.2013 03:37:30
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

9.3

CVE-2013-2135

  • EPSS 83.46%
  • Veröffentlicht 16.07.2013 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

9.3

CVE-2013-2134

  • EPSS 92.2%
  • Veröffentlicht 16.07.2013 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

9.3

CVE-2013-1965

  • EPSS 91.5%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

9.3

CVE-2013-1966

  • EPSS 90.95%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

9.3

CVE-2013-2115

  • EPSS 89.76%
  • Veröffentlicht 10.07.2013 19:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix...

5

CVE-2012-4387

  • EPSS 12.94%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

6.8

CVE-2012-4386

  • EPSS 3.24%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configurati...

10

CVE-2012-0838

  • EPSS 16.42%
  • Veröffentlicht 02.03.2012 22:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.