Vulnerabilities > Apache > Struts > 2.5.10.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 6.2 |
2017-09-20 | CVE-2017-9804 | Improper Input Validation vulnerability in Apache Struts In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 7.5 |
2017-09-20 | CVE-2017-9793 | Improper Input Validation vulnerability in Apache Struts The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. | 7.5 |
2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
2017-07-13 | CVE-2017-9787 | Unspecified vulnerability in Apache Struts When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. | 7.5 |
2017-07-13 | CVE-2017-7672 | Improper Input Validation vulnerability in Apache Struts If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 5.9 |