Vulnerabilities > Apache > Struts > 2.2.1.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-50164 Files or Directories Accessible to External Parties vulnerability in Apache Struts
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache CWE-552
critical
9.8
2023-12-05 CVE-2023-41835 Incomplete Cleanup vulnerability in Apache Struts
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
network
low complexity
apache CWE-459
7.5
2023-06-14 CVE-2023-34149 Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
network
low complexity
apache CWE-770
6.5
2023-06-14 CVE-2023-34396 Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
network
low complexity
apache CWE-770
7.5
2022-04-12 CVE-2021-31805 Expression Language Injection vulnerability in Apache Struts
The fix issued for CVE-2020-17530 was incomplete.
network
low complexity
apache CWE-917
7.5
2020-12-11 CVE-2020-17530 Expression Language Injection vulnerability in multiple products
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle CWE-917
7.5
2020-09-14 CVE-2019-0233 Improper Preservation of Permissions vulnerability in multiple products
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
network
low complexity
apache oracle CWE-281
5.0
2020-09-14 CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle
critical
9.8
2020-02-27 CVE-2015-2992 Cross-site Scripting vulnerability in Apache Struts
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
network
apache CWE-79
4.3
2019-11-01 CVE-2011-3923 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
network
low complexity
apache redhat CWE-732
critical
9.8