An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Max CVSS
7.5
EPSS Score
13.22%
Published
2020-09-14
Updated
2022-04-18
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
Max CVSS
5.3
EPSS Score
2.73%
Published
2016-06-07
Updated
2023-02-12
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
Max CVSS
5.0
EPSS Score
1.64%
Published
2012-09-05
Updated
2017-08-29
3 vulnerabilities found