CVE-2013-4310
https://notcve.org/view.php?id=CVE-2013-4310
30 Sep 2013 — Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4316
https://notcve.org/view.php?id=CVE-2013-4316
30 Sep 2013 — Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html • CWE-16: Configuration • CWE-284: Improper Access Control
CVE-2013-2251 – Apache Struts Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2013-2251
18 Jul 2013 — Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution. Apache Struts allo... • https://packetstorm.news/files/id/122796 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-2248 – Apache Struts 2.2.3 - Multiple Open Redirections
https://notcve.org/view.php?id=CVE-2013-2248
18 Jul 2013 — Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. • https://packetstorm.news/files/id/122797 • CWE-20: Improper Input Validation
CVE-2013-2135
https://notcve.org/view.php?id=CVE-2013-2135
16 Jul 2013 — Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. • http://struts.apache.org/development/2.x/docs/s2-015.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-2134 – Apache Struts - OGNL Expression Injection
https://notcve.org/view.php?id=CVE-2013-2134
16 Jul 2013 — Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. Multiple v... • https://www.exploit-db.com/exploits/38549 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-1965
https://notcve.org/view.php?id=CVE-2013-1965
10 Jul 2013 — Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. • https://github.com/cinno/CVE-2013-1965 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-1966 – Apache Struts - includeParams Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-1966
02 Jun 2013 — Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. • https://packetstorm.news/files/id/121847 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-2115 – Apache Struts - includeParams Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2115
28 May 2013 — Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. • https://packetstorm.news/files/id/121847 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-4386
https://notcve.org/view.php?id=CVE-2012-4386
05 Sep 2012 — The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute. • http://secunia.com/advisories/50420 • CWE-352: Cross-Site Request Forgery (CSRF)