Skip to main content
CVE-2015-0899 HIGH PATCH Act Now

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 69.5%.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
69.5%
CVE-2016-3092 HIGH PATCH Act Now

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.9%.

Tomcat Denial Of Service Apache Icewall Identity Manager Icewall Sso Agent Option +3
NVD
CVSS 3.0
7.5
EPSS
33.9%
CVE-2016-1181 HIGH PATCH This Week

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Denial Of Service Java Apache Banking Platform +2
NVD GitHub
CVSS 3.0
8.1
EPSS
9.4%
CVE-2016-4431 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
8.2%
CVE-2016-4430 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Apache Struts
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2016-1182 HIGH PATCH This Week

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Denial Of Service Java Apache Struts
NVD GitHub
CVSS 3.0
8.2
EPSS
1.8%
CVE-2016-4433 HIGH PATCH This Week

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Struts
NVD
CVSS 3.0
7.5
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy