| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-0114 | 7.5 |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
|
13-02-2023 - 00:32 | 30-04-2014 - 10:49 | |
| CVE-2016-1181 | 6.8 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart reques
|
15-07-2020 - 03:15 | 04-07-2016 - 22:59 | |
| CVE-2016-1182 | 6.4 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related iss
|
15-07-2020 - 03:15 | 04-07-2016 - 22:59 | |
| CVE-2015-0899 | 5.0 |
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
|
01-07-2018 - 01:29 | 04-07-2016 - 22:59 |