Vulnerabilities > Apache > Struts > 2.0.0

DATE CVE VULNERABILITY TITLE RISK
2016-04-12 CVE-2016-0785 Improper Input Validation vulnerability in Apache Struts
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
network
low complexity
apache CWE-20
8.8
8.8
2013-07-20 CVE-2013-2251 Injection vulnerability in multiple products
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
network
low complexity
apache fujitsu oracle CWE-74
critical
 9.8
9.8
2013-07-10 CVE-2013-2115 Code Injection vulnerability in Apache Struts
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
network
high complexity
apache CWE-94
8.1
8.1