Skip to main content
CVE-2016-4438 CRITICAL PATCH Act Now

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 62.1%.

RCE Apache Struts
NVD
CVSS 3.0
9.8
EPSS
62.1%
CVE-2015-0899 HIGH PATCH Act Now

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.5%.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
69.5%
CVE-2016-3092 HIGH PATCH Act Now

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9%.

Tomcat Denial Of Service Apache Icewall Identity Manager Icewall Sso Agent Option +3
NVD
CVSS 3.0
7.5
EPSS
33.9%
CVE-2016-1181 HIGH PATCH This Week

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Denial Of Service Java Apache Banking Platform +2
NVD GitHub
CVSS 3.0
8.1
EPSS
9.4%
CVE-2016-4431 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
8.2%
CVE-2016-4430 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Apache Struts
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-1182 HIGH PATCH This Week

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Denial Of Service Java Apache Struts
NVD GitHub
CVSS 3.0
8.2
EPSS
1.8%
CVE-2016-4433 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2016-4465 MEDIUM PATCH This Month

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4%.

Denial Of Service Apache Struts
NVD
CVSS 3.0
5.3
EPSS
10.4%
CVE-2016-5848 MEDIUM This Month

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Sicam Pas Pqs
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2016-0899 MEDIUM This Month

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Rsa Archer Egrc
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-5849 LOW Monitor

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. Rated low severity (CVSS 2.5). No vendor patch available.

Information Disclosure Siemens Sicam Pas Pqs
NVD
CVSS 3.1
2.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy