Vulnerabilities > Apache > Struts > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS / CWE | RISK |
|---|---|---|---|---|---|
| 2016-07-04 | CVE-2016-4438 | Improper Input Validation vulnerability in Apache Struts | The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | apache; CWE-20 | critical, 9.8 (network, low complexity) |
| 2016-06-07 | CVE-2016-3087 | Improper Input Validation vulnerability in Apache Struts | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | apache; CWE-20 | critical, 9.8 (network, low complexity) |
| 2016-04-26 | CVE-2016-3082 | Improper Input Validation vulnerability in Apache Struts | XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | apache; CWE-20 | critical, 9.8 (network, low complexity) |
| 2013-07-20 | CVE-2013-2251 | Injection vulnerability in multiple products | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | apache, fujitsu, oracle; CWE-74 | critical, 9.8 (network, low complexity) |