CVE-2020-17530

Known exploited
Public exploit
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
Max CVSS
9.8
EPSS Score
97.23%
Published
2020-12-11
Updated
2022-06-03
CISA KEV Added
2021-11-03

CVE-2019-0230

Public exploit
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Max CVSS
9.8
EPSS Score
95.36%
Published
2020-09-14
Updated
2022-12-02

CVE-2018-11776

Known exploited
Public exploit
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
Max CVSS
9.3
EPSS Score
97.52%
Published
2018-08-22
Updated
2023-06-12
CISA KEV Added
2021-11-03

CVE-2017-9805

Known exploited
Public exploit
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Max CVSS
8.1
EPSS Score
97.54%
Published
2017-09-15
Updated
2019-08-12
CISA KEV Added
2021-11-03

CVE-2017-9791

Known exploited
Public exploit
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Max CVSS
9.8
EPSS Score
97.45%
Published
2017-07-10
Updated
2020-05-28
CISA KEV Added
2022-02-10

CVE-2017-5638

Known exploited
Public exploit
Used for ransomware
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Max CVSS
10.0
EPSS Score
97.53%
Published
2017-03-11
Updated
2021-02-24
CISA KEV Added
2021-11-03

CVE-2016-3087

Public exploit
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Max CVSS
9.8
EPSS Score
46.49%
Published
2016-06-07
Updated
2019-08-12

CVE-2016-3081

Public exploit
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Max CVSS
9.3
EPSS Score
97.52%
Published
2016-04-26
Updated
2019-08-12

CVE-2014-0114

Public exploit
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Max CVSS
7.5
EPSS Score
97.31%
Published
2014-04-30
Updated
2023-02-13

CVE-2014-0112

Public exploit
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
Max CVSS
7.5
EPSS Score
97.40%
Published
2014-04-29
Updated
2019-08-12

CVE-2014-0094

Public exploit
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Max CVSS
5.0
EPSS Score
97.09%
Published
2014-03-11
Updated
2019-08-12

CVE-2013-2251

Known exploited
Public exploit
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Max CVSS
9.3
EPSS Score
97.42%
Published
2013-07-20
Updated
2020-10-20
CISA KEV Added
2022-03-25

CVE-2013-2115

Public exploit
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
Max CVSS
9.3
EPSS Score
0.22%
Published
2013-07-10
Updated
2020-09-24

CVE-2013-1966

Public exploit
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
Max CVSS
9.3
EPSS Score
1.86%
Published
2013-07-10
Updated
2019-08-12

CVE-2012-0394

Public exploit
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
Max CVSS
6.8
EPSS Score
94.20%
Published
2012-01-08
Updated
2024-03-21

CVE-2012-0391

Known exploited
Public exploit
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
Max CVSS
9.3
EPSS Score
36.44%
Published
2012-01-08
Updated
2018-11-23
CISA KEV Added
2022-01-21

CVE-2011-3923

Public exploit
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
Max CVSS
9.8
EPSS Score
95.18%
Published
2019-11-01
Updated
2019-12-02

CVE-2010-1870

Public exploit
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
Max CVSS
5.0
EPSS Score
6.17%
Published
2010-08-17
Updated
2020-10-20
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!