Vulnerabilities > Apache > Struts > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-34149 Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
network
low complexity
apache CWE-770
6.5
2020-09-14 CVE-2019-0233 Improper Preservation of Permissions vulnerability in multiple products
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
network
low complexity
apache oracle CWE-281
5.0
2020-02-27 CVE-2015-2992 Cross-site Scripting vulnerability in Apache Struts
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
network
apache CWE-79
4.3
2017-12-01 CVE-2017-15707 Improper Input Validation vulnerability in multiple products
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
network
low complexity
apache netapp oracle CWE-20
5.0
2017-10-30 CVE-2016-3090 Improper Input Validation vulnerability in Apache Struts
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
network
low complexity
apache CWE-20
6.5
2017-09-25 CVE-2015-5169 Cross-site Scripting vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
network
apache CWE-79
4.3
2017-09-20 CVE-2017-9804 Improper Input Validation vulnerability in Apache Struts
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
network
low complexity
apache CWE-20
5.0
2017-09-20 CVE-2017-9793 Improper Input Validation vulnerability in Apache Struts
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
network
low complexity
apache CWE-20
5.0
2017-09-20 CVE-2016-8738 Improper Input Validation vulnerability in Apache Struts
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
network
apache CWE-20
4.3
2017-08-29 CVE-2015-5209 Improper Input Validation vulnerability in Apache Struts
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
network
low complexity
apache CWE-20
5.0