Max CVSS 7.5 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-3087 7.5
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
12-08-2019 - 21:15 07-06-2016 - 18:59
CVE-2016-4430 6.8
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
31-10-2017 - 01:29 04-07-2016 - 22:59
CVE-2016-4436 7.5
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
09-08-2017 - 01:29 03-10-2016 - 15:59
CVE-2016-4465 5.0
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
09-08-2017 - 01:29 04-07-2016 - 22:59
CVE-2016-4433 5.0
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
09-08-2017 - 01:29 04-07-2016 - 22:59
CVE-2016-4431 5.0
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
09-08-2017 - 01:29 04-07-2016 - 22:59
CVE-2016-3093 5.0
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
28-11-2016 - 20:06 07-06-2016 - 18:59
Back to Top Mark selected
Back to Top