VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.struts:struts2-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-0392 medium 7.8 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2012-0393 medium 7.4 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2014-7809 medium 6.8 12y ago Cross-Site Request Forgery in Apache Struts
CVE-2013-2248 medium 6.8 13y ago Open redirect in Apache Struts
CVE-2012-4386 medium 6.8 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2015-5169 medium 6.1 6.1 9y ago Cross-site Scripting in Apache Struts
CVE-2016-4003 medium 6.1 6.1 10y ago Cross-site Scripting in Apache Struts
CVE-2016-2162 medium 6.1 6.1 10y ago Apache Struts XSS Vulnerability
CVE-2014-0094 medium 6.0 12y ago ClassLoader manipulation in Apache Struts
CVE-2010-1870 medium 6.0 16y ago Server side object manipulation in Apache Struts
CVE-2016-8738 medium 5.9 5.9 9y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2017-7672 medium 5.9 5.9 9y ago Apache Struts Improper Input Validation vulnerability
CVE-2014-0116 medium 5.8 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-4310 medium 5.8 13y ago Apache Struts2 Broken Access Control Vulnerability
CVE-2016-4465 medium 5.3 5.3 10y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2016-3093 medium 5.3 5.3 10y ago Denial of service in Apache Struts
CVE-2013-6348 medium 4.3 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2011-1772 low 3.6 15y ago Cross-site Scripting in Apache Struts
CVE-2013-2251 unknown 2.5 4y ago Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
CVE-2012-0391 unknown 2.5 4y ago The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
CVE-2020-17530 unknown 2.5 4y ago Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
CVE-2018-11776 unknown 2.5 8y ago Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi…
CVE-2017-5638 unknown 2.5 8y ago Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
CVE-2008-6505 unknown 1.0 4y ago Apache Struts directory traversal vulnerability
CVE-2012-1592 unknown 1.0 4y ago Unrestricted Upload of File with Dangerous Type in Apache Struts2
CVE-2011-3923 unknown 1.0 4y ago Struts ParameterInterceptor vulnerability allows remote command execution
CVE-2019-0230 unknown 1.0 5y ago Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
CVE-2025-68493 unknown 5mo ago Apache Struts 2 is Missing XML Validation
CVE-2025-66675 unknown 6mo ago Apache Struts has a Denial of Service vulnerability
CVE-2025-64775 unknown 6mo ago Apache Struts is Vulnerable to DoS via File Leak
CVE-2024-53677 unknown 2y ago Apache Struts file upload logic is flawed
CVE-2023-50164 unknown 3y ago Apache Struts vulnerable to path traversal
CVE-2023-41835 unknown 3y ago Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
CVE-2023-34396 unknown 3y ago Apache Struts vulnerable to memory exhaustion
CVE-2023-34149 unknown 3y ago Apache Struts vulnerable to memory exhaustion
CVE-2019-0233 unknown 4y ago Improper Preservation of Permissions in Apache Struts
CVE-2008-6682 unknown 4y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2021-31805 unknown 4y ago Expression Language Injection in Apache Struts