CVE-2020-17530

Known exploited
Public exploit
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Max CVSS: 9.8
EPSS Score: 97.23%
Published: 2020-12-11
Updated: 2022-06-03
CISA KEV Added: 2021-11-03
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Max CVSS: 7.5
EPSS Score: 13.22%
Published: 2020-09-14
Updated: 2022-04-18

CVE-2019-0230

Public exploit
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Max CVSS: 9.8
EPSS Score: 95.36%
Published: 2020-09-14
Updated: 2022-12-02
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
Max CVSS: 6.1
EPSS Score: 0.59%
Published: 2020-02-27
Updated: 2021-01-08
4 vulnerabilities found