| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-3093 | 5.0 |
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
|
12-02-2023 - 23:18 | 07-06-2016 - 18:59 | |
| CVE-2016-3087 | 7.5 |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
|
12-08-2019 - 21:15 | 07-06-2016 - 18:59 | |
| CVE-2016-4430 | 6.8 |
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
|
31-10-2017 - 01:29 | 04-07-2016 - 22:59 | |
| CVE-2016-4436 | 7.5 |
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
|
09-08-2017 - 01:29 | 03-10-2016 - 15:59 | |
| CVE-2016-4465 | 5.0 |
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
|
09-08-2017 - 01:29 | 04-07-2016 - 22:59 | |
| CVE-2016-4433 | 5.0 |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
|
09-08-2017 - 01:29 | 04-07-2016 - 22:59 | |
| CVE-2016-4431 | 5.0 |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
|
09-08-2017 - 01:29 | 04-07-2016 - 22:59 |