2.5.14

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-22	CVE-2018-11776	Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. network high complexity apache netapp oracle	8.1
2018-03-27	CVE-2018-1327	Unspecified vulnerability in Apache Struts The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. network low complexity apache	7.5
2017-12-01	CVE-2017-15707	Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. local low complexity apache netapp oracle CWE-20	6.2