VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.struts:struts2-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-12611 critical 9.8 10.0 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2016-3087 critical 9.8 10.0 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2013-4316 critical 10.0 13y ago Code injection in Apache Struts
CVE-2013-2134 critical 10.0 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1966 critical 10.0 13y ago Arbitrary code execution in Apache Struts
CVE-2012-0838 critical 10.0 15y ago Apache Struts Code injection due to conversion error
CVE-2016-4436 critical 9.8 9.8 10y ago Apache Struts improper action name cleanup
CVE-2016-4438 critical 9.8 9.8 10y ago Arbitrary code execution in Apache Struts 2
CVE-2016-3082 critical 9.8 9.8 10y ago Remote Code Execution in Apache Struts
CVE-2013-2135 critical 9.3 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1965 critical 9.3 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2016-3081 high 8.1 9.1 10y ago Apache Struts RCE Vulnerability
CVE-2013-2115 high 8.1 9.1 13y ago Code injection in Apache Struts
CVE-2016-4461 high 8.8 8.8 9y ago Apache Struts forced double OGNL evaluation
CVE-2016-0785 high 8.8 8.8 10y ago Apache Struts RCE Vulnerability
CVE-2014-0113 high 8.5 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 12y ago ClassLoader manipulation in Apache Struts
CVE-2017-9804 high 7.5 7.5 9y ago Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
CVE-2015-5209 high 7.5 7.5 9y ago Special top object can be used to access Struts' internals
CVE-2017-9787 high 7.5 7.5 9y ago Spring AOP functionality (Struts) vulnerable to DoS attack
CVE-2015-1831 high 7.5 11y ago Incomplete exclude pattern in Apache Struts