Vulnerabilities > Apache > Struts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-4438 | Improper Input Validation vulnerability in Apache Struts The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | 9.8 |
| 2016-07-04 | CVE-2016-4433 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | 7.5 |
| 2016-07-04 | CVE-2016-4431 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | 7.5 |
| 2016-07-04 | CVE-2016-4430 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | 8.8 |
| 2016-07-04 | CVE-2016-1182 | Improper Input Validation vulnerability in Apache Struts ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | 8.2 |
| 2016-07-04 | CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | 8.1 |
| 2016-07-04 | CVE-2015-0899 | Improper Input Validation vulnerability in Apache Struts The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | 7.5 |
| 2016-06-07 | CVE-2016-3093 | Improper Input Validation vulnerability in multiple products Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | 5.3 |
| 2016-06-07 | CVE-2016-3087 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | 9.8 |
| 2016-04-26 | CVE-2016-3082 | Improper Input Validation vulnerability in Apache Struts XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | 9.8 |