Vulnerabilities > Apache > Struts > 2.0.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2015-2992 | Cross-site Scripting vulnerability in Apache Struts Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |
| 2018-08-22 | CVE-2018-11776 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. | 8.1 |
| 2017-10-30 | CVE-2016-3090 | Improper Input Validation vulnerability in Apache Struts The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | 8.8 |
| 2017-10-16 | CVE-2016-4461 | Improper Input Validation vulnerability in multiple products Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | 8.8 |
| 2017-09-25 | CVE-2015-5169 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 6.1 |
| 2017-09-20 | CVE-2017-12611 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | 9.8 |
| 2017-08-29 | CVE-2015-5209 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 7.5 |
| 2016-10-03 | CVE-2016-4436 | Unspecified vulnerability in Apache Struts Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. | 9.8 |
| 2016-06-07 | CVE-2016-3093 | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |