Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Struts

Total 85 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-6505	1 Apache	1 Struts	2023-12-10	5.0 MEDIUM	N/A
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
CVE-2006-1546	1 Apache	1 Struts	2023-12-10	7.5 HIGH	N/A
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
CVE-2005-3745	1 Apache	1 Struts	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
CVE-2006-1547	1 Apache	1 Struts	2023-12-10	7.8 HIGH	N/A
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
CVE-2006-1548	1 Apache	1 Struts	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

«
1
2
3
4
5
»