Vulnerabilities > Apache > Struts > 2.5.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 5.0 |
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in Apache Struts The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 6.8 |