Package Instance

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe

reference_url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3

reference_url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1

reference_url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url	http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-015.html

reference_url

https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346

reference_url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_url	http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60346

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2134

reference_id

CVE-2013-2134

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2134

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
reference_id	CVE-2013-2134;OSVDB-93969
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt

reference_url	https://www.securityfocus.com/bid/60345/info
reference_id	CVE-2013-2134;OSVDB-93969
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/60345/info

reference_url

https://github.com/advisories/GHSA-gqqm-564f-vvxq

reference_id

GHSA-gqqm-564f-vvxq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gqqm-564f-vvxq

reference_url	https://security.gentoo.org/glsa/201409-04
reference_id	GLSA-201409-04
reference_type
scores
url	https://security.gentoo.org/glsa/201409-04

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3

aliases CVE-2013-2134, GHSA-gqqm-564f-vvxq

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-shkt-s7ew

url VCID-6t1x-s2k2-b7bq

vulnerability_id VCID-6t1x-s2k2-b7bq

summary Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4310

reference_id

reference_type

scores

value	0.08725
scoring_system	epss
scoring_elements	0.9251
published_at	2026-04-21T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.9249
published_at	2026-04-09T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92496
published_at	2026-04-13T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92498
published_at	2026-04-12T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92507
published_at	2026-04-16T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92506
published_at	2026-04-18T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92456
published_at	2026-04-01T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92462
published_at	2026-04-02T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92471
published_at	2026-04-04T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92474
published_at	2026-04-07T12:55:00Z

value	0.08725
scoring_system	epss
scoring_elements	0.92485
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4310

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4310

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4310

reference_url	http://struts.apache.org/docs/s2-018.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-018.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-018.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-018.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1013030
reference_id	1013030
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1013030

reference_url

https://github.com/advisories/GHSA-q5q8-jghf-3pm3

reference_id

GHSA-q5q8-jghf-3pm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q5q8-jghf-3pm3

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3

aliases CVE-2013-4310, GHSA-q5q8-jghf-3pm3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t1x-s2k2-b7bq

url VCID-759g-hsfg-97f8

vulnerability_id VCID-759g-hsfg-97f8

summary Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2248

reference_id

reference_type

scores

value	0.91954
scoring_system	epss
scoring_elements	0.99693
published_at	2026-04-04T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.997
published_at	2026-04-21T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99698
published_at	2026-04-18T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99697
published_at	2026-04-16T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99696
published_at	2026-04-13T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99695
published_at	2026-04-09T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99692
published_at	2026-04-02T12:55:00Z

value	0.91954
scoring_system	epss
scoring_elements	0.99694
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2248

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6

reference_url

https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e

reference_url

https://issues.apache.org/jira/browse/WW-4140

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-4140

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2248

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2248

reference_url	http://struts.apache.org/docs/s2-017.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-017.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-017.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-017.html

reference_url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
reference_id
reference_type
scores
url	http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_url	http://www.securityfocus.com/bid/61196
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/61196

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt
reference_id	CVE-2013-2248;OSVDB-95406
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt

reference_url	https://www.securityfocus.com/bid/61196/info
reference_id	CVE-2013-2248;OSVDB-95406
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/61196/info

reference_url

https://github.com/advisories/GHSA-rpj9-r897-wc6q

reference_id

GHSA-rpj9-r897-wc6q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rpj9-r897-wc6q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1

aliases CVE-2013-2248, GHSA-rpj9-r897-wc6q

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-759g-hsfg-97f8

url VCID-b59n-uxft-4qgz

vulnerability_id VCID-b59n-uxft-4qgz

summary Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

references

reference_url

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4316

reference_id

reference_type

scores

value	0.06168
scoring_system	epss
scoring_elements	0.90856
published_at	2026-04-21T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90823
published_at	2026-04-08T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90829
published_at	2026-04-09T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90838
published_at	2026-04-12T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90836
published_at	2026-04-13T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.9086
published_at	2026-04-16T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90858
published_at	2026-04-18T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90784
published_at	2026-04-01T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90789
published_at	2026-04-02T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90801
published_at	2026-04-04T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90812
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4316

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1

reference_url

https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4316

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4316

reference_url	http://struts.apache.org/docs/s2-019.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-019.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-019.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-019.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1013036
reference_id	1013036
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1013036

reference_url

https://github.com/advisories/GHSA-j7h6-xr7g-m2c5

reference_id

GHSA-j7h6-xr7g-m2c5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j7h6-xr7g-m2c5

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2

aliases CVE-2013-4316, GHSA-j7h6-xr7g-m2c5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b59n-uxft-4qgz

url VCID-evh9-mua1-2bem

vulnerability_id VCID-evh9-mua1-2bem

summary

XWork ParameterInterceptors bypass allows remote command execution
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

references

reference_url

http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

reference_url

http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16

reference_url

http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1870

reference_id

reference_type

scores

value	0.92533
scoring_system	epss
scoring_elements	0.99736
published_at	2026-04-04T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.9974
published_at	2026-04-21T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99739
published_at	2026-04-18T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99738
published_at	2026-04-13T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99735
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1870

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-003

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-003

reference_url

http://seclists.org/fulldisclosure/2010/Jul/183

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2010/Jul/183

reference_url

http://seclists.org/fulldisclosure/2020/Oct/23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2020/Oct/23

reference_url	http://secunia.com/advisories/59110
reference_id
reference_type
scores
url	http://secunia.com/advisories/59110

reference_url	http://securityreason.com/securityalert/8345
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/8345

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-1870

reference_url

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-1870

reference_url

http://struts.apache.org/2.2.1/docs/s2-005.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.2.1/docs/s2-005.html

reference_url	http://struts.apache.org/docs/s2-005.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-005.html

reference_url

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

reference_url	http://www.exploit-db.com/exploits/14360
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/14360

reference_url	http://www.osvdb.org/66280
reference_id
reference_type
scores
url	http://www.osvdb.org/66280

reference_url	http://www.securityfocus.com/bid/41592
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/41592

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1123727
reference_id	1123727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1123727

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt
reference_id	CVE-2010-1870;OSVDB-66280
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb
reference_id	CVE-2010-1870;OSVDB-66280
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb

reference_url

https://github.com/advisories/GHSA-x5fc-pgpx-59j5

reference_id

GHSA-x5fc-pgpx-59j5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5fc-pgpx-59j5

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.2.1

purl pkg:maven/org.apache.struts/struts2-core@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1

aliases CVE-2010-1870, GHSA-x5fc-pgpx-59j5

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh9-mua1-2bem

url VCID-fv6w-cdtc-kkhx

vulnerability_id VCID-fv6w-cdtc-kkhx

summary

Struts ParameterInterceptor vulnerability allows remote command execution
Regular expression in ParametersInterceptor matches `top['foo'](0)` as a valid expression, which OGNL treats as `(top['foo'])(0)` and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.

references

reference_url

http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3923

reference_id

reference_type

scores

value	0.91054
scoring_system	epss
scoring_elements	0.99643
published_at	2026-04-21T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99638
published_at	2026-04-04T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99637
published_at	2026-04-02T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.9964
published_at	2026-04-13T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99641
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3923

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923

reference_url	http://seclists.org/fulldisclosure/2014/Jul/38
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2014/Jul/38

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/72585

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/72585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-3923

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-3923

reference_url

https://security-tracker.debian.org/tracker/CVE-2011-3923

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2011-3923

reference_url

http://struts.apache.org/development/2.x/docs/s2-009.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-009.html

reference_url	http://struts.apache.org/docs/s2-009.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-009.html

reference_url

https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38

reference_url	http://www.exploit-db.com/exploits/24874
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/24874

reference_url	http://www.securityfocus.com/bid/51628
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/51628

reference_url	http://www.securitytracker.com/id?1026575
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1026575

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
reference_id	CVE-2011-3923;OSVDB-78501
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb

reference_url

https://github.com/advisories/GHSA-j68f-8h6p-9h5q

reference_id

GHSA-j68f-8h6p-9h5q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j68f-8h6p-9h5q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.1.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2

aliases CVE-2011-3923, GHSA-j68f-8h6p-9h5q

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fv6w-cdtc-kkhx

url VCID-hkjh-35ye-1ugj

vulnerability_id VCID-hkjh-35ye-1ugj

summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2115

reference_id

reference_type

scores

value	0.87487
scoring_system	epss
scoring_elements	0.99454
published_at	2026-04-01T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99469
published_at	2026-04-21T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99468
published_at	2026-04-16T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99465
published_at	2026-04-13T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99464
published_at	2026-04-11T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99463
published_at	2026-04-09T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99462
published_at	2026-04-08T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99461
published_at	2026-04-07T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99459
published_at	2026-04-04T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99457
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2115

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-014

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-014

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650

reference_url

https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d

reference_url

https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6

reference_url

https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474

reference_url

https://issues.apache.org/jira/browse/WW-4063

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-4063

reference_url

http://struts.apache.org/development/2.x/docs/s2-014.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-014.html

reference_url	http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-014.html

reference_url

https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167

reference_url	http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60167

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2115

reference_id

CVE-2013-2115

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2115

reference_url

https://github.com/advisories/GHSA-7ghm-rpc7-p7g5

reference_id

GHSA-7ghm-rpc7-p7g5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7ghm-rpc7-p7g5

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2

aliases CVE-2013-2115, GHSA-7ghm-rpc7-p7g5

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkjh-35ye-1ugj

url VCID-k6mz-k1yb-4uej

vulnerability_id VCID-k6mz-k1yb-4uej

summary

CSRF protection bypass
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4386

reference_id

reference_type

scores

value	0.03235
scoring_system	epss
scoring_elements	0.87045
published_at	2026-04-07T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87065
published_at	2026-04-08T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87096
published_at	2026-04-18T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87092
published_at	2026-04-21T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87076
published_at	2026-04-13T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87081
published_at	2026-04-12T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87022
published_at	2026-04-01T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87086
published_at	2026-04-11T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87033
published_at	2026-04-02T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87073
published_at	2026-04-09T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87052
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4386

reference_url	http://secunia.com/advisories/50420
reference_id
reference_type
scores
url	http://secunia.com/advisories/50420

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78182

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78182

reference_url

https://issues.apache.org/jira/browse/WW-3858

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3858

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4386

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4386

reference_url

http://struts.apache.org/2.x/docs/s2-010.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-010.html

reference_url	http://struts.apache.org/docs/s2-010.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-010.html

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_url	http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/55346

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url

https://github.com/advisories/GHSA-2rvh-q539-q33v

reference_id

GHSA-2rvh-q539-q33v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rvh-q539-q33v

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.4.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1

aliases CVE-2012-4386, GHSA-2rvh-q539-q33v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6mz-k1yb-4uej

url VCID-kdsa-599r-eud7

vulnerability_id VCID-kdsa-599r-eud7

summary The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045

reference_url

http://jvn.jp/en/jp/JVN19294237/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN19294237/index.html

reference_url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_id

reference_type

scores

value	0.93134
scoring_system	epss
scoring_elements	0.99796
published_at	2026-04-13T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99795
published_at	2026-04-08T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99794
published_at	2026-04-04T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99799
published_at	2026-04-21T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99798
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url	http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-021.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id	1073716
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_id

CVE-2014-0094

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id	CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb

reference_url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb

reference_url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

reference_id

GHSA-vrwc-qjmw-5rjm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2

aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7

url VCID-q96z-v3bs-k3dg

vulnerability_id VCID-q96z-v3bs-k3dg

summary Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4387

reference_id

reference_type

scores

value	0.07916
scoring_system	epss
scoring_elements	0.92054
published_at	2026-04-21T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92003
published_at	2026-04-01T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92011
published_at	2026-04-02T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92019
published_at	2026-04-04T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92024
published_at	2026-04-07T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92037
published_at	2026-04-08T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.9204
published_at	2026-04-13T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92043
published_at	2026-04-11T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92044
published_at	2026-04-12T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92059
published_at	2026-04-16T12:55:00Z

value	0.07916
scoring_system	epss
scoring_elements	0.92056
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4387

reference_url	http://secunia.com/advisories/50420
reference_id
reference_type
scores
url	http://secunia.com/advisories/50420

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78183

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78183

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9

reference_url

https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa

reference_url

https://issues.apache.org/jira/browse/WW-3860

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3860

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4387

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4387

reference_url

http://struts.apache.org/2.x/docs/s2-011.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-011.html

reference_url	http://struts.apache.org/docs/s2-011.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-011.html

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_url	http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/55346

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url

https://github.com/advisories/GHSA-hrgc-54mv-58gv

reference_id

GHSA-hrgc-54mv-58gv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hrgc-54mv-58gv

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.4.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1

aliases CVE-2012-4387, GHSA-hrgc-54mv-58gv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q96z-v3bs-k3dg

url VCID-vkb9-11h4-dugp

vulnerability_id VCID-vkb9-11h4-dugp

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1966

reference_id

reference_type

scores

value	0.91096
scoring_system	epss
scoring_elements	0.99642
published_at	2026-04-07T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99647
published_at	2026-04-21T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99641
published_at	2026-04-04T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99643
published_at	2026-04-12T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.9964
published_at	2026-04-02T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99646
published_at	2026-04-18T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99644
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1966

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56

reference_url

http://struts.apache.org/development/2.x/docs/s2-013.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-013.html

reference_url	http://struts.apache.org/docs/s2-013.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-013.html

reference_url	http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-014.html

reference_url	http://www.securityfocus.com/bid/60166
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60166

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1966

reference_id

CVE-2013-1966

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1966

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
reference_id	CVE-2013-2115;OSVDB-93645;CVE-2013-1966
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb

reference_url

https://github.com/advisories/GHSA-737w-mh58-cxjp

reference_id

GHSA-737w-mh58-cxjp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-737w-mh58-cxjp

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2

aliases CVE-2013-1966, GHSA-737w-mh58-cxjp

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb9-11h4-dugp

url VCID-vnkw-9fa2-zqcm

vulnerability_id VCID-vnkw-9fa2-zqcm

summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2135

reference_id

reference_type

scores

value	0.83013
scoring_system	epss
scoring_elements	0.99247
published_at	2026-04-02T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99258
published_at	2026-04-21T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99257
published_at	2026-04-18T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99256
published_at	2026-04-12T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99255
published_at	2026-04-13T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99254
published_at	2026-04-08T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99253
published_at	2026-04-07T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.9925
published_at	2026-04-04T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99245
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2135

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe

reference_url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3

reference_url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1

reference_url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url	http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-015.html

reference_url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2135

reference_id

CVE-2013-2135

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2135

reference_url

https://github.com/advisories/GHSA-pw8r-x2qm-3h5m

reference_id

GHSA-pw8r-x2qm-3h5m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pw8r-x2qm-3h5m

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3

aliases CVE-2013-2135, GHSA-pw8r-x2qm-3h5m

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkw-9fa2-zqcm

url VCID-x65e-31g3-77bp

vulnerability_id VCID-x65e-31g3-77bp

summary

Multiple XSS flaws in XWork
Multiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an s:submit element, or the method attribute of an `s:submit` element.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106

reference_url

http://jvn.jp/en/jp/JVN25435092/index.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN25435092/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1772

reference_id

reference_type

scores

value	0.59227
scoring_system	epss
scoring_elements	0.98242
published_at	2026-04-21T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98228
published_at	2026-04-04T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98244
published_at	2026-04-18T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98229
published_at	2026-04-07T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98225
published_at	2026-04-02T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98237
published_at	2026-04-13T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98234
published_at	2026-04-09T12:55:00Z

value	0.59227
scoring_system	epss
scoring_elements	0.98223
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1772

reference_url

http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html

reference_url	http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
reference_id
reference_type
scores
url	http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3579

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3579

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-1772

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-1772

reference_url

http://struts.apache.org/2.2.3/docs/version-notes-223.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.2.3/docs/version-notes-223.html

reference_url

http://struts.apache.org/2.x/docs/s2-006.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-006.html

reference_url	http://struts.apache.org/docs/s2-006.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-006.html

reference_url	http://www.securityfocus.com/bid/47784
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/47784

reference_url	http://www.ventuneac.net/security-advisories/MVSA-11-006
reference_id
reference_type
scores
url	http://www.ventuneac.net/security-advisories/MVSA-11-006

reference_url	http://www.vupen.com/english/advisories/2011/1198
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/1198

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=723827
reference_id	723827
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=723827

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork::::::::
reference_id	cpe:2.3:a:opensymphony:webwork::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork::::::::
reference_id	cpe:2.3:a:opensymphony:xwork::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork::::::::

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt
reference_id	CVE-2011-1772;OSVDB-72238
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt

reference_url	https://www.securityfocus.com/bid/47784/info
reference_id	CVE-2011-1772;OSVDB-72238
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/47784/info

reference_url

https://github.com/advisories/GHSA-56f8-g68r-j699

reference_id

GHSA-56f8-g68r-j699

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-56f8-g68r-j699

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.2.3

purl pkg:maven/org.apache.struts/struts2-core@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3

aliases CVE-2011-1772, GHSA-56f8-g68r-j699

risk_score 5.4

exploitability 2.0

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x65e-31g3-77bp

url VCID-z1gf-169n-m3af

vulnerability_id VCID-z1gf-169n-m3af

summary Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012

reference_url

http://jvn.jp/en/jp/JVN79099262/index.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN79099262/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-0838

reference_id

reference_type

scores

value	0.11109
scoring_system	epss
scoring_elements	0.93486
published_at	2026-04-18T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93481
published_at	2026-04-16T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93461
published_at	2026-04-13T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.9346
published_at	2026-04-12T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93455
published_at	2026-04-09T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93451
published_at	2026-04-08T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93492
published_at	2026-04-21T12:55:00Z

value	0.11109
scoring_system	epss
scoring_elements	0.93443
published_at	2026-04-07T12:55:00Z

value	0.13997
scoring_system	epss
scoring_elements	0.94304
published_at	2026-04-02T12:55:00Z

value	0.13997
scoring_system	epss
scoring_elements	0.94295
published_at	2026-04-01T12:55:00Z

value	0.13997
scoring_system	epss
scoring_elements	0.94315
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-0838

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url