CVE-2013-2251
- EPSS 100%
- Veröffentlicht 20.07.2013 03:37:30
- Zuletzt bearbeitet 22.04.2026 14:39:34
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVE-2013-2248
- EPSS 94.65%
- Veröffentlicht 20.07.2013 03:37:30
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
CVE-2013-2135
- EPSS 13.83%
- Veröffentlicht 16.07.2013 18:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
CVE-2013-2134
- EPSS 70.21%
- Veröffentlicht 16.07.2013 18:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
CVE-2013-1965
- EPSS 93.81%
- Veröffentlicht 10.07.2013 19:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
CVE-2013-1966
- EPSS 71.77%
- Veröffentlicht 10.07.2013 19:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
CVE-2013-2115
- EPSS 72.78%
- Veröffentlicht 10.07.2013 19:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix...
- EPSS 8.35%
- Veröffentlicht 05.09.2012 23:55:02
- Zuletzt bearbeitet 16.06.2026 23:44:55
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
CVE-2012-4386
- EPSS 3.33%
- Veröffentlicht 05.09.2012 23:55:02
- Zuletzt bearbeitet 16.06.2026 23:44:55
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configurati...
- EPSS 13.88%
- Veröffentlicht 02.03.2012 22:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:21
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.