Show filters
20 Total Results
Displaying 1-10 of 20
Sort by:
Attacker Value
Unknown
CVE-2016-3090
Disclosure Date: October 30, 2017 (last updated November 26, 2024)
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
0
Attacker Value
Unknown
CVE-2017-9793
Disclosure Date: September 20, 2017 (last updated November 26, 2024)
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
0
Attacker Value
Unknown
CVE-2017-9804
Disclosure Date: September 20, 2017 (last updated November 26, 2024)
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
0
Attacker Value
Unknown
CVE-2017-12611
Disclosure Date: September 15, 2017 (last updated November 26, 2024)
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
0
Attacker Value
Unknown
CVE-2015-5209
Disclosure Date: August 29, 2017 (last updated November 26, 2024)
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
0
Attacker Value
Unknown
CVE-2017-9787
Disclosure Date: July 13, 2017 (last updated November 08, 2023)
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
0
Attacker Value
Unknown
CVE-2017-9791
Disclosure Date: July 10, 2017 (last updated November 26, 2024)
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
0
Attacker Value
Unknown
CVE-2016-4436
Disclosure Date: October 03, 2016 (last updated November 25, 2024)
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
0
Attacker Value
Unknown
CVE-2016-3093
Disclosure Date: June 07, 2016 (last updated November 25, 2024)
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
0
Attacker Value
Unknown
CVE-2016-3081
Disclosure Date: April 26, 2016 (last updated November 25, 2024)
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
0
