Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.2.1
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.8.0
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-2chz-36wn-9fcv
vulnerability_id VCID-2chz-36wn-9fcv
summary 
Manipulation of Struts internals
This package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5209
reference_id
reference_type
scores
0
value 0.01362
scoring_system epss
scoring_elements 0.80173
published_at 2026-04-09T12:55:00Z
1
value 0.01362
scoring_system epss
scoring_elements 0.80138
published_at 2026-04-07T12:55:00Z
2
value 0.01362
scoring_system epss
scoring_elements 0.80167
published_at 2026-04-08T12:55:00Z
3
value 0.01362
scoring_system epss
scoring_elements 0.80197
published_at 2026-04-16T12:55:00Z
4
value 0.01362
scoring_system epss
scoring_elements 0.80169
published_at 2026-04-13T12:55:00Z
5
value 0.01362
scoring_system epss
scoring_elements 0.80178
published_at 2026-04-12T12:55:00Z
6
value 0.01362
scoring_system epss
scoring_elements 0.802
published_at 2026-04-21T12:55:00Z
7
value 0.01362
scoring_system epss
scoring_elements 0.80198
published_at 2026-04-18T12:55:00Z
8
value 0.01362
scoring_system epss
scoring_elements 0.80192
published_at 2026-04-11T12:55:00Z
9
value 0.02387
scoring_system epss
scoring_elements 0.84967
published_at 2026-04-04T12:55:00Z
10
value 0.02387
scoring_system epss
scoring_elements 0.84935
published_at 2026-04-01T12:55:00Z
11
value 0.02387
scoring_system epss
scoring_elements 0.84949
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5209
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5209
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5209
2
reference_url https://security.netapp.com/advisory/ntap-20180629-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0002
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0002/
4
reference_url https://struts.apache.org/docs/s2-026.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-026.html
5
reference_url https://github.com/advisories/GHSA-4qgj-9mvg-3929
reference_id GHSA-4qgj-9mvg-3929
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qgj-9mvg-3929
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.24.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-7fgd-jnfe-gkhp
8
vulnerability VCID-87fh-rvvb-6ubq
9
vulnerability VCID-8bsh-bshc-vkgq
10
vulnerability VCID-95ts-vpk6-uubg
11
vulnerability VCID-at5c-f8p8-67fh
12
vulnerability VCID-b7zy-qhz9-tuar
13
vulnerability VCID-bgbt-j1n9-6yg5
14
vulnerability VCID-cm62-bsdz-yye2
15
vulnerability VCID-czjh-bpfk-3yh6
16
vulnerability VCID-dk2f-14xj-9bf8
17
vulnerability VCID-gfxq-vtry-bqgg
18
vulnerability VCID-hgj2-vqzn-gyeb
19
vulnerability VCID-j5su-cnqd-6yad
20
vulnerability VCID-sf53-bgb2-7ue2
21
vulnerability VCID-tgd1-s1yg-9fdt
22
vulnerability VCID-vgp6-jxqt-pbf4
23
vulnerability VCID-y4qu-21c9-6fav
24
vulnerability VCID-y5uq-a6dx-3yd4
25
vulnerability VCID-ygbu-vb2t-jqhx
26
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1
aliases CVE-2015-5209, GHSA-4qgj-9mvg-3929
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2chz-36wn-9fcv
1
url VCID-2rjv-1thm-dugt
vulnerability_id VCID-2rjv-1thm-dugt
summary XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3082
reference_id
reference_type
scores
0
value 0.24626
scoring_system epss
scoring_elements 0.96115
published_at 2026-04-07T12:55:00Z
1
value 0.24626
scoring_system epss
scoring_elements 0.96147
published_at 2026-04-21T12:55:00Z
2
value 0.24626
scoring_system epss
scoring_elements 0.96146
published_at 2026-04-18T12:55:00Z
3
value 0.24626
scoring_system epss
scoring_elements 0.96141
published_at 2026-04-16T12:55:00Z
4
value 0.24626
scoring_system epss
scoring_elements 0.96132
published_at 2026-04-13T12:55:00Z
5
value 0.24626
scoring_system epss
scoring_elements 0.9613
published_at 2026-04-12T12:55:00Z
6
value 0.24626
scoring_system epss
scoring_elements 0.96095
published_at 2026-04-01T12:55:00Z
7
value 0.24626
scoring_system epss
scoring_elements 0.96131
published_at 2026-04-11T12:55:00Z
8
value 0.24626
scoring_system epss
scoring_elements 0.96129
published_at 2026-04-09T12:55:00Z
9
value 0.24626
scoring_system epss
scoring_elements 0.96103
published_at 2026-04-02T12:55:00Z
10
value 0.24626
scoring_system epss
scoring_elements 0.96125
published_at 2026-04-08T12:55:00Z
11
value 0.24626
scoring_system epss
scoring_elements 0.96109
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3082
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
3
reference_url http://struts.apache.org/docs/s2-031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-031.html
4
reference_url http://www.securityfocus.com/bid/88826
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/88826
5
reference_url http://www.securitytracker.com/id/1035664
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035664
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
reference_id CVE-2016-3082
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
63
reference_url https://github.com/advisories/GHSA-pvm9-288c-v5wq
reference_id GHSA-pvm9-288c-v5wq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvm9-288c-v5wq
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-at5c-f8p8-67fh
11
vulnerability VCID-b7zy-qhz9-tuar
12
vulnerability VCID-bgbt-j1n9-6yg5
13
vulnerability VCID-cm62-bsdz-yye2
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-j5su-cnqd-6yad
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-6hrc-fm64-ckhf
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-8bsh-bshc-vkgq
8
vulnerability VCID-95ts-vpk6-uubg
9
vulnerability VCID-b7zy-qhz9-tuar
10
vulnerability VCID-bgbt-j1n9-6yg5
11
vulnerability VCID-cm62-bsdz-yye2
12
vulnerability VCID-dk2f-14xj-9bf8
13
vulnerability VCID-gfxq-vtry-bqgg
14
vulnerability VCID-hgj2-vqzn-gyeb
15
vulnerability VCID-j5su-cnqd-6yad
16
vulnerability VCID-mdde-pa5h-w7g4
17
vulnerability VCID-sf53-bgb2-7ue2
18
vulnerability VCID-tgd1-s1yg-9fdt
19
vulnerability VCID-vgp6-jxqt-pbf4
20
vulnerability VCID-y4qu-21c9-6fav
21
vulnerability VCID-y5uq-a6dx-3yd4
22
vulnerability VCID-ygbu-vb2t-jqhx
23
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-8bsh-bshc-vkgq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-sf53-bgb2-7ue2
16
vulnerability VCID-tgd1-s1yg-9fdt
17
vulnerability VCID-vgp6-jxqt-pbf4
18
vulnerability VCID-y4qu-21c9-6fav
19
vulnerability VCID-y5uq-a6dx-3yd4
20
vulnerability VCID-ygbu-vb2t-jqhx
21
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
aliases CVE-2016-3082, GHSA-pvm9-288c-v5wq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rjv-1thm-dugt
2
url VCID-2v7h-fght-cugn
vulnerability_id VCID-2v7h-fght-cugn
summary Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.
references
0
reference_url http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
reference_id
reference_type
scores
url http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
1
reference_url http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7809
reference_id
reference_type
scores
0
value 0.07545
scoring_system epss
scoring_elements 0.91839
published_at 2026-04-21T12:55:00Z
1
value 0.07545
scoring_system epss
scoring_elements 0.9179
published_at 2026-04-02T12:55:00Z
2
value 0.07545
scoring_system epss
scoring_elements 0.91795
published_at 2026-04-04T12:55:00Z
3
value 0.07545
scoring_system epss
scoring_elements 0.91804
published_at 2026-04-07T12:55:00Z
4
value 0.07545
scoring_system epss
scoring_elements 0.91817
published_at 2026-04-08T12:55:00Z
5
value 0.07545
scoring_system epss
scoring_elements 0.91823
published_at 2026-04-09T12:55:00Z
6
value 0.07545
scoring_system epss
scoring_elements 0.91826
published_at 2026-04-11T12:55:00Z
7
value 0.07545
scoring_system epss
scoring_elements 0.91828
published_at 2026-04-12T12:55:00Z
8
value 0.07545
scoring_system epss
scoring_elements 0.91824
published_at 2026-04-13T12:55:00Z
9
value 0.07545
scoring_system epss
scoring_elements 0.91845
published_at 2026-04-16T12:55:00Z
10
value 0.07545
scoring_system epss
scoring_elements 0.91781
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7809
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7809
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7809
7
reference_url http://struts.apache.org/docs/s2-023.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-023.html
8
reference_url https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309
9
reference_url https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548
10
reference_url https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded
11
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809
12
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
13
reference_url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
14
reference_url http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
15
reference_url http://www.securityfocus.com/archive/1/534175/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/534175/100/0/threaded
16
reference_url http://www.securityfocus.com/bid/71548
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/71548
17
reference_url http://www.securitytracker.com/id/1031309
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1031309
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1172133
reference_id 1172133
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1172133
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
70
reference_url https://github.com/advisories/GHSA-h4v9-jf2r-9h6m
reference_id GHSA-h4v9-jf2r-9h6m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4v9-jf2r-9h6m
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-7809, GHSA-h4v9-jf2r-9h6m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2v7h-fght-cugn
3
url VCID-3yq7-n972-j7dh
vulnerability_id VCID-3yq7-n972-j7dh
summary 
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
references
0
reference_url http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
1
reference_url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0230
reference_id
reference_type
scores
0
value 0.93727
scoring_system epss
scoring_elements 0.99848
published_at 2026-04-01T12:55:00Z
1
value 0.93727
scoring_system epss
scoring_elements 0.99852
published_at 2026-04-16T12:55:00Z
2
value 0.93727
scoring_system epss
scoring_elements 0.99851
published_at 2026-04-18T12:55:00Z
3
value 0.93727
scoring_system epss
scoring_elements 0.9985
published_at 2026-04-08T12:55:00Z
4
value 0.93727
scoring_system epss
scoring_elements 0.99849
published_at 2026-04-04T12:55:00Z
5
value 0.93849
scoring_system epss
scoring_elements 0.99867
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0230
4
reference_url https://cwiki.apache.org/confluence/display/ww/s2-059
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/ww/s2-059
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://launchpad.support.sap.com/#/notes/2982840
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://launchpad.support.sap.com/#/notes/2982840
7
reference_url https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869672
reference_id 1869672
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869672
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py
reference_id CVE-2019-0230
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0230
reference_id CVE-2019-0230
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0230
15
reference_url https://github.com/advisories/GHSA-wp4h-pvgw-5727
reference_id GHSA-wp4h-pvgw-5727
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wp4h-pvgw-5727
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.22
purl pkg:maven/org.apache.struts/struts2-core@2.5.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-87fh-rvvb-6ubq
2
vulnerability VCID-95ts-vpk6-uubg
3
vulnerability VCID-b7zy-qhz9-tuar
4
vulnerability VCID-dk2f-14xj-9bf8
5
vulnerability VCID-gfxq-vtry-bqgg
6
vulnerability VCID-hgj2-vqzn-gyeb
7
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22
aliases CVE-2019-0230, GHSA-wp4h-pvgw-5727
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh
4
url VCID-4agy-6nsx-7ufh
vulnerability_id VCID-4agy-6nsx-7ufh
summary Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3093
reference_id
reference_type
scores
0
value 0.05068
scoring_system epss
scoring_elements 0.89801
published_at 2026-04-21T12:55:00Z
1
value 0.05068
scoring_system epss
scoring_elements 0.8975
published_at 2026-04-01T12:55:00Z
2
value 0.05068
scoring_system epss
scoring_elements 0.89753
published_at 2026-04-02T12:55:00Z
3
value 0.05068
scoring_system epss
scoring_elements 0.89768
published_at 2026-04-04T12:55:00Z
4
value 0.05068
scoring_system epss
scoring_elements 0.8977
published_at 2026-04-07T12:55:00Z
5
value 0.05068
scoring_system epss
scoring_elements 0.89787
published_at 2026-04-08T12:55:00Z
6
value 0.05068
scoring_system epss
scoring_elements 0.89793
published_at 2026-04-09T12:55:00Z
7
value 0.05068
scoring_system epss
scoring_elements 0.898
published_at 2026-04-11T12:55:00Z
8
value 0.05068
scoring_system epss
scoring_elements 0.89798
published_at 2026-04-12T12:55:00Z
9
value 0.05068
scoring_system epss
scoring_elements 0.89791
published_at 2026-04-13T12:55:00Z
10
value 0.05068
scoring_system epss
scoring_elements 0.89806
published_at 2026-04-16T12:55:00Z
11
value 0.05068
scoring_system epss
scoring_elements 0.89807
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3093
2
reference_url https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92
reference_id
reference_type
scores
url https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92
3
reference_url https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
5
reference_url https://struts.apache.org/docs/s2-034.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-034.html
6
reference_url http://struts.apache.org/docs/s2-034.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-034.html
7
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
8
reference_url http://www.securityfocus.com/bid/90961
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/90961
9
reference_url http://www.securitytracker.com/id/1036018
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036018
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1341677
reference_id 1341677
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1341677
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3093
reference_id CVE-2016-3093
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3093
68
reference_url https://github.com/advisories/GHSA-383p-xqxx-rrmp
reference_id GHSA-383p-xqxx-rrmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-383p-xqxx-rrmp
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-6hrc-fm64-ckhf
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-8bsh-bshc-vkgq
8
vulnerability VCID-95ts-vpk6-uubg
9
vulnerability VCID-b7zy-qhz9-tuar
10
vulnerability VCID-bgbt-j1n9-6yg5
11
vulnerability VCID-cm62-bsdz-yye2
12
vulnerability VCID-dk2f-14xj-9bf8
13
vulnerability VCID-gfxq-vtry-bqgg
14
vulnerability VCID-hgj2-vqzn-gyeb
15
vulnerability VCID-j5su-cnqd-6yad
16
vulnerability VCID-mdde-pa5h-w7g4
17
vulnerability VCID-sf53-bgb2-7ue2
18
vulnerability VCID-tgd1-s1yg-9fdt
19
vulnerability VCID-vgp6-jxqt-pbf4
20
vulnerability VCID-y4qu-21c9-6fav
21
vulnerability VCID-y5uq-a6dx-3yd4
22
vulnerability VCID-ygbu-vb2t-jqhx
23
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
aliases CVE-2016-3093, GHSA-383p-xqxx-rrmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4agy-6nsx-7ufh
5
url VCID-579w-2k2v-efa2
vulnerability_id VCID-579w-2k2v-efa2
summary In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12611
reference_id
reference_type
scores
0
value 0.94228
scoring_system epss
scoring_elements 0.99927
published_at 2026-04-21T12:55:00Z
1
value 0.94228
scoring_system epss
scoring_elements 0.99926
published_at 2026-04-18T12:55:00Z
2
value 0.94228
scoring_system epss
scoring_elements 0.99925
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12611
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa
4
reference_url https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f
5
reference_url https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
6
reference_url https://struts.apache.org/docs/s2-053.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-053.html
7
reference_url https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829
8
reference_url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
9
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
10
reference_url http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100829
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1489478
reference_id 1489478
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1489478
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
78
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
79
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
80
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*
81
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
82
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
83
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
84
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
85
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
86
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
87
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
88
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
89
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
90
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
91
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
92
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
93
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
94
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
95
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*
96
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*
97
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
98
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*
99
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*
100
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*
101
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*
102
reference_url https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
reference_id CVE-2017-12611
reference_type exploit
scores
url https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
103
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
reference_id CVE-2017-12611
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
104
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
reference_id CVE-2017-12611
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
105
reference_url https://github.com/advisories/GHSA-8fx9-5hx8-crhm
reference_id GHSA-8fx9-5hx8-crhm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fx9-5hx8-crhm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-at5c-f8p8-67fh
11
vulnerability VCID-b7zy-qhz9-tuar
12
vulnerability VCID-bgbt-j1n9-6yg5
13
vulnerability VCID-cm62-bsdz-yye2
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-j5su-cnqd-6yad
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.34
purl pkg:maven/org.apache.struts/struts2-core@2.3.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-cm62-bsdz-yye2
7
vulnerability VCID-dk2f-14xj-9bf8
8
vulnerability VCID-gfxq-vtry-bqgg
9
vulnerability VCID-hgj2-vqzn-gyeb
10
vulnerability VCID-tgd1-s1yg-9fdt
11
vulnerability VCID-y5uq-a6dx-3yd4
12
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34
2
url pkg:maven/org.apache.struts/struts2-core@2.5.10.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-79j9-v8gz-rfax
3
vulnerability VCID-87fh-rvvb-6ubq
4
vulnerability VCID-95ts-vpk6-uubg
5
vulnerability VCID-b7zy-qhz9-tuar
6
vulnerability VCID-bgbt-j1n9-6yg5
7
vulnerability VCID-cm62-bsdz-yye2
8
vulnerability VCID-dk2f-14xj-9bf8
9
vulnerability VCID-gfxq-vtry-bqgg
10
vulnerability VCID-hgj2-vqzn-gyeb
11
vulnerability VCID-mdde-pa5h-w7g4
12
vulnerability VCID-tgd1-s1yg-9fdt
13
vulnerability VCID-y4qu-21c9-6fav
14
vulnerability VCID-y5uq-a6dx-3yd4
15
vulnerability VCID-zkg1-bed6-bbfv
16
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1
3
url pkg:maven/org.apache.struts/struts2-core@2.5.11
purl pkg:maven/org.apache.struts/struts2-core@2.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11
4
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-cm62-bsdz-yye2
7
vulnerability VCID-dk2f-14xj-9bf8
8
vulnerability VCID-gfxq-vtry-bqgg
9
vulnerability VCID-hgj2-vqzn-gyeb
10
vulnerability VCID-mdde-pa5h-w7g4
11
vulnerability VCID-tgd1-s1yg-9fdt
12
vulnerability VCID-y5uq-a6dx-3yd4
13
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-12611, GHSA-8fx9-5hx8-crhm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2
6
url VCID-6241-shkt-s7ew
vulnerability_id VCID-6241-shkt-s7ew
summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
reference_id
reference_type
scores
0
value 0.91526
scoring_system epss
scoring_elements 0.99671
published_at 2026-04-09T12:55:00Z
1
value 0.91526
scoring_system epss
scoring_elements 0.99675
published_at 2026-04-21T12:55:00Z
2
value 0.91526
scoring_system epss
scoring_elements 0.99674
published_at 2026-04-18T12:55:00Z
3
value 0.91526
scoring_system epss
scoring_elements 0.99673
published_at 2026-04-16T12:55:00Z
4
value 0.91526
scoring_system epss
scoring_elements 0.99672
published_at 2026-04-13T12:55:00Z
5
value 0.92052
scoring_system epss
scoring_elements 0.99699
published_at 2026-04-02T12:55:00Z
6
value 0.92052
scoring_system epss
scoring_elements 0.99701
published_at 2026-04-07T12:55:00Z
7
value 0.92052
scoring_system epss
scoring_elements 0.997
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url http://security.gentoo.org/glsa/glsa-201409-04.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-201409-04.xml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
5
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
6
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
7
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
9
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
10
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
12
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
14
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
15
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
16
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
17
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
18
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
19
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
20
reference_url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
21
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
22
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
23
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
24
reference_url http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60346
25
reference_url http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64758
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
reference_id CVE-2013-2134
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
28
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
29
reference_url https://www.securityfocus.com/bid/60345/info
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://www.securityfocus.com/bid/60345/info
30
reference_url https://github.com/advisories/GHSA-gqqm-564f-vvxq
reference_id GHSA-gqqm-564f-vvxq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqqm-564f-vvxq
31
reference_url https://security.gentoo.org/glsa/201409-04
reference_id GLSA-201409-04
reference_type
scores
url https://security.gentoo.org/glsa/201409-04
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-7c97-nj5a-hqb8
12
vulnerability VCID-87fh-rvvb-6ubq
13
vulnerability VCID-8bsh-bshc-vkgq
14
vulnerability VCID-8mws-fbmg-cqa9
15
vulnerability VCID-95ts-vpk6-uubg
16
vulnerability VCID-at5c-f8p8-67fh
17
vulnerability VCID-b59n-uxft-4qgz
18
vulnerability VCID-b7zy-qhz9-tuar
19
vulnerability VCID-bgbt-j1n9-6yg5
20
vulnerability VCID-cm62-bsdz-yye2
21
vulnerability VCID-dk2f-14xj-9bf8
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-j5su-cnqd-6yad
26
vulnerability VCID-kdsa-599r-eud7
27
vulnerability VCID-mdde-pa5h-w7g4
28
vulnerability VCID-me84-wy85-hkf5
29
vulnerability VCID-n2dn-bnjc-13gp
30
vulnerability VCID-qqm4-frqy-bua5
31
vulnerability VCID-tcaj-6bcg-k7g2
32
vulnerability VCID-tgd1-s1yg-9fdt
33
vulnerability VCID-vgp6-jxqt-pbf4
34
vulnerability VCID-xz41-1z86-37ew
35
vulnerability VCID-y4qu-21c9-6fav
36
vulnerability VCID-y5uq-a6dx-3yd4
37
vulnerability VCID-ygbu-vb2t-jqhx
38
vulnerability VCID-zb3c-gnyc-yug8
39
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3
aliases CVE-2013-2134, GHSA-gqqm-564f-vvxq
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-shkt-s7ew
7
url VCID-6hrc-fm64-ckhf
vulnerability_id VCID-6hrc-fm64-ckhf
summary Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2162
reference_id
reference_type
scores
0
value 0.01235
scoring_system epss
scoring_elements 0.79227
published_at 2026-04-18T12:55:00Z
1
value 0.01235
scoring_system epss
scoring_elements 0.79154
published_at 2026-04-01T12:55:00Z
2
value 0.01235
scoring_system epss
scoring_elements 0.7916
published_at 2026-04-02T12:55:00Z
3
value 0.01235
scoring_system epss
scoring_elements 0.79185
published_at 2026-04-04T12:55:00Z
4
value 0.01235
scoring_system epss
scoring_elements 0.79171
published_at 2026-04-07T12:55:00Z
5
value 0.01235
scoring_system epss
scoring_elements 0.79196
published_at 2026-04-08T12:55:00Z
6
value 0.01235
scoring_system epss
scoring_elements 0.79204
published_at 2026-04-13T12:55:00Z
7
value 0.01235
scoring_system epss
scoring_elements 0.79228
published_at 2026-04-21T12:55:00Z
8
value 0.01235
scoring_system epss
scoring_elements 0.79213
published_at 2026-04-12T12:55:00Z
9
value 0.01235
scoring_system epss
scoring_elements 0.7923
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2162
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
5
reference_url https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2162
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2162
7
reference_url http://struts.apache.org/docs/s2-030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-030.html
8
reference_url https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070
9
reference_url https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272
10
reference_url http://www.securityfocus.com/bid/85070
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/85070
11
reference_url http://www.securitytracker.com/id/1035272
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035272
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1326724
reference_id 1326724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1326724
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
69
reference_url https://github.com/advisories/GHSA-2j4q-9fff-236j
reference_id GHSA-2j4q-9fff-236j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j4q-9fff-236j
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.28
purl pkg:maven/org.apache.struts/struts2-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-579w-2k2v-efa2
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-7fgd-jnfe-gkhp
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-b7zy-qhz9-tuar
11
vulnerability VCID-bgbt-j1n9-6yg5
12
vulnerability VCID-cm62-bsdz-yye2
13
vulnerability VCID-czjh-bpfk-3yh6
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-mdde-pa5h-w7g4
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28
aliases CVE-2016-2162, GHSA-2j4q-9fff-236j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hrc-fm64-ckhf
8
url VCID-6t1x-s2k2-b7bq
vulnerability_id VCID-6t1x-s2k2-b7bq
summary Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4310
reference_id
reference_type
scores
0
value 0.08725
scoring_system epss
scoring_elements 0.9251
published_at 2026-04-21T12:55:00Z
1
value 0.08725
scoring_system epss
scoring_elements 0.9249
published_at 2026-04-09T12:55:00Z
2
value 0.08725
scoring_system epss
scoring_elements 0.92496
published_at 2026-04-13T12:55:00Z
3
value 0.08725
scoring_system epss
scoring_elements 0.92498
published_at 2026-04-12T12:55:00Z
4
value 0.08725
scoring_system epss
scoring_elements 0.92507
published_at 2026-04-16T12:55:00Z
5
value 0.08725
scoring_system epss
scoring_elements 0.92506
published_at 2026-04-18T12:55:00Z
6
value 0.08725
scoring_system epss
scoring_elements 0.92456
published_at 2026-04-01T12:55:00Z
7
value 0.08725
scoring_system epss
scoring_elements 0.92462
published_at 2026-04-02T12:55:00Z
8
value 0.08725
scoring_system epss
scoring_elements 0.92471
published_at 2026-04-04T12:55:00Z
9
value 0.08725
scoring_system epss
scoring_elements 0.92474
published_at 2026-04-07T12:55:00Z
10
value 0.08725
scoring_system epss
scoring_elements 0.92485
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4310
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4310
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4310
5
reference_url http://struts.apache.org/docs/s2-018.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-018.html
6
reference_url http://struts.apache.org/release/2.3.x/docs/s2-018.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-018.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013030
reference_id 1013030
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013030
8
reference_url https://github.com/advisories/GHSA-q5q8-jghf-3pm3
reference_id GHSA-q5q8-jghf-3pm3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q5q8-jghf-3pm3
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-h4yg-zrv6-aqa1
21
vulnerability VCID-hgj2-vqzn-gyeb
22
vulnerability VCID-j5su-cnqd-6yad
23
vulnerability VCID-kdsa-599r-eud7
24
vulnerability VCID-mdde-pa5h-w7g4
25
vulnerability VCID-me84-wy85-hkf5
26
vulnerability VCID-n2dn-bnjc-13gp
27
vulnerability VCID-qqm4-frqy-bua5
28
vulnerability VCID-tcaj-6bcg-k7g2
29
vulnerability VCID-tgd1-s1yg-9fdt
30
vulnerability VCID-vgp6-jxqt-pbf4
31
vulnerability VCID-y4qu-21c9-6fav
32
vulnerability VCID-y5uq-a6dx-3yd4
33
vulnerability VCID-ygbu-vb2t-jqhx
34
vulnerability VCID-zb3c-gnyc-yug8
35
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3
aliases CVE-2013-4310, GHSA-q5q8-jghf-3pm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t1x-s2k2-b7bq
9
url VCID-759g-hsfg-97f8
vulnerability_id VCID-759g-hsfg-97f8
summary Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2248
reference_id
reference_type
scores
0
value 0.91954
scoring_system epss
scoring_elements 0.99693
published_at 2026-04-04T12:55:00Z
1
value 0.91954
scoring_system epss
scoring_elements 0.997
published_at 2026-04-21T12:55:00Z
2
value 0.91954
scoring_system epss
scoring_elements 0.99698
published_at 2026-04-18T12:55:00Z
3
value 0.91954
scoring_system epss
scoring_elements 0.99697
published_at 2026-04-16T12:55:00Z
4
value 0.91954
scoring_system epss
scoring_elements 0.99696
published_at 2026-04-13T12:55:00Z
5
value 0.91954
scoring_system epss
scoring_elements 0.99695
published_at 2026-04-09T12:55:00Z
6
value 0.91954
scoring_system epss
scoring_elements 0.99692
published_at 2026-04-02T12:55:00Z
7
value 0.91954
scoring_system epss
scoring_elements 0.99694
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2248
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
3
reference_url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
4
reference_url https://issues.apache.org/jira/browse/WW-4140
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4140
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2248
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2248
6
reference_url http://struts.apache.org/docs/s2-017.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-017.html
7
reference_url http://struts.apache.org/release/2.3.x/docs/s2-017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-017.html
8
reference_url http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
reference_id
reference_type
scores
url http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
9
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
10
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
11
reference_url http://www.securityfocus.com/bid/61196
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/61196
12
reference_url http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64758
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
57
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt
reference_id CVE-2013-2248;OSVDB-95406
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt
58
reference_url https://www.securityfocus.com/bid/61196/info
reference_id CVE-2013-2248;OSVDB-95406
reference_type exploit
scores
url https://www.securityfocus.com/bid/61196/info
59
reference_url https://github.com/advisories/GHSA-rpj9-r897-wc6q
reference_id GHSA-rpj9-r897-wc6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rpj9-r897-wc6q
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-79j9-v8gz-rfax
10
vulnerability VCID-7c97-nj5a-hqb8
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-gfxq-vtry-bqgg
22
vulnerability VCID-h4yg-zrv6-aqa1
23
vulnerability VCID-hgj2-vqzn-gyeb
24
vulnerability VCID-j5su-cnqd-6yad
25
vulnerability VCID-kdsa-599r-eud7
26
vulnerability VCID-mdde-pa5h-w7g4
27
vulnerability VCID-me84-wy85-hkf5
28
vulnerability VCID-n2dn-bnjc-13gp
29
vulnerability VCID-qqm4-frqy-bua5
30
vulnerability VCID-tcaj-6bcg-k7g2
31
vulnerability VCID-tgd1-s1yg-9fdt
32
vulnerability VCID-vgp6-jxqt-pbf4
33
vulnerability VCID-y4qu-21c9-6fav
34
vulnerability VCID-y5uq-a6dx-3yd4
35
vulnerability VCID-ygbu-vb2t-jqhx
36
vulnerability VCID-zb3c-gnyc-yug8
37
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1
aliases CVE-2013-2248, GHSA-rpj9-r897-wc6q
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-759g-hsfg-97f8
10
url VCID-79j9-v8gz-rfax
vulnerability_id VCID-79j9-v8gz-rfax
summary 
Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
references
0
reference_url http://jvn.jp/en/jp/JVN43969166/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://jvn.jp/en/jp/JVN43969166/index.html
1
reference_url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17530
reference_id
reference_type
scores
0
value 0.94376
scoring_system epss
scoring_elements 0.99967
published_at 2026-04-13T12:55:00Z
1
value 0.94376
scoring_system epss
scoring_elements 0.99966
published_at 2026-04-21T12:55:00Z
2
value 0.94376
scoring_system epss
scoring_elements 0.99968
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17530
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-061
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://cwiki.apache.org/confluence/display/WW/S2-061
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://security.netapp.com/advisory/ntap-20210115-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210115-0005
8
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://www.openwall.com/lists/oss-security/2022/04/12/6
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id 1905645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1905645
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17530
reference_id CVE-2020-17530
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17530
18
reference_url https://github.com/advisories/GHSA-jc35-q369-45pv
reference_id GHSA-jc35-q369-45pv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc35-q369-45pv
19
reference_url https://security.netapp.com/advisory/ntap-20210115-0005/
reference_id ntap-20210115-0005
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://security.netapp.com/advisory/ntap-20210115-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.26
purl pkg:maven/org.apache.struts/struts2-core@2.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
5
vulnerability VCID-hgj2-vqzn-gyeb
6
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26
aliases CVE-2020-17530, GHSA-jc35-q369-45pv
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax
11
url VCID-87fh-rvvb-6ubq
vulnerability_id VCID-87fh-rvvb-6ubq
summary 
Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
reference_id
reference_type
scores
0
value 0.91785
scoring_system epss
scoring_elements 0.99685
published_at 2026-04-04T12:55:00Z
1
value 0.91785
scoring_system epss
scoring_elements 0.99684
published_at 2026-04-02T12:55:00Z
2
value 0.91785
scoring_system epss
scoring_elements 0.99686
published_at 2026-04-07T12:55:00Z
3
value 0.93053
scoring_system epss
scoring_elements 0.99788
published_at 2026-04-08T12:55:00Z
4
value 0.93053
scoring_system epss
scoring_elements 0.99791
published_at 2026-04-18T12:55:00Z
5
value 0.93053
scoring_system epss
scoring_elements 0.99789
published_at 2026-04-13T12:55:00Z
6
value 0.93081
scoring_system epss
scoring_elements 0.99793
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-067
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/
url https://cwiki.apache.org/confluence/display/WW/S2-067
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
6
reference_url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
7
reference_url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
9
reference_url https://security.netapp.com/advisory/ntap-20250103-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0005
10
reference_url https://struts.apache.org/core-developers/file-upload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/core-developers/file-upload
11
reference_url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id 2331686
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
13
reference_url https://github.com/advisories/GHSA-43mq-6xmg-29vm
reference_id GHSA-43mq-6xmg-29vm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43mq-6xmg-29vm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.4.0
purl pkg:maven/org.apache.struts/struts2-core@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0
aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq
12
url VCID-8bsh-bshc-vkgq
vulnerability_id VCID-8bsh-bshc-vkgq
summary 
Apache Struts forced double OGNL evaluation
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4461
reference_id
reference_type
scores
0
value 0.01704
scoring_system epss
scoring_elements 0.8234
published_at 2026-04-21T12:55:00Z
1
value 0.01704
scoring_system epss
scoring_elements 0.82235
published_at 2026-04-01T12:55:00Z
2
value 0.01704
scoring_system epss
scoring_elements 0.82248
published_at 2026-04-02T12:55:00Z
3
value 0.01704
scoring_system epss
scoring_elements 0.82267
published_at 2026-04-04T12:55:00Z
4
value 0.01704
scoring_system epss
scoring_elements 0.82262
published_at 2026-04-07T12:55:00Z
5
value 0.01704
scoring_system epss
scoring_elements 0.82288
published_at 2026-04-08T12:55:00Z
6
value 0.01704
scoring_system epss
scoring_elements 0.82296
published_at 2026-04-09T12:55:00Z
7
value 0.01704
scoring_system epss
scoring_elements 0.82315
published_at 2026-04-11T12:55:00Z
8
value 0.01704
scoring_system epss
scoring_elements 0.82309
published_at 2026-04-12T12:55:00Z
9
value 0.01704
scoring_system epss
scoring_elements 0.82304
published_at 2026-04-13T12:55:00Z
10
value 0.01704
scoring_system epss
scoring_elements 0.82338
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4461
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://security.netapp.com/advisory/ntap-20180629-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0004
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0004/
4
reference_url https://struts.apache.org/docs/s2-036.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-036.html
5
reference_url http://www.securityfocus.com/bid/91277
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91277
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4461
reference_id CVE-2016-4461
reference_type
scores
0
value 9.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4461
9
reference_url https://github.com/advisories/GHSA-864w-r5qj-h6fj
reference_id GHSA-864w-r5qj-h6fj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-864w-r5qj-h6fj
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.29
purl pkg:maven/org.apache.struts/struts2-core@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-95ts-vpk6-uubg
7
vulnerability VCID-b7zy-qhz9-tuar
8
vulnerability VCID-bgbt-j1n9-6yg5
9
vulnerability VCID-cm62-bsdz-yye2
10
vulnerability VCID-dk2f-14xj-9bf8
11
vulnerability VCID-gfxq-vtry-bqgg
12
vulnerability VCID-hgj2-vqzn-gyeb
13
vulnerability VCID-mdde-pa5h-w7g4
14
vulnerability VCID-tgd1-s1yg-9fdt
15
vulnerability VCID-y4qu-21c9-6fav
16
vulnerability VCID-y5uq-a6dx-3yd4
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29
aliases CVE-2016-4461, GHSA-864w-r5qj-h6fj
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsh-bshc-vkgq
13
url VCID-8mws-fbmg-cqa9
vulnerability_id VCID-8mws-fbmg-cqa9
summary 
Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. 

It is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.

Struts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher if turning off debug mode is not possible.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html
1
reference_url http://jvn.jp/en/jp/JVN88408929/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN88408929/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-2992
reference_id
reference_type
scores
0
value 0.00992
scoring_system epss
scoring_elements 0.76944
published_at 2026-04-18T12:55:00Z
1
value 0.00992
scoring_system epss
scoring_elements 0.76922
published_at 2026-04-11T12:55:00Z
2
value 0.00992
scoring_system epss
scoring_elements 0.76936
published_at 2026-04-21T12:55:00Z
3
value 0.00992
scoring_system epss
scoring_elements 0.76895
published_at 2026-04-09T12:55:00Z
4
value 0.00992
scoring_system epss
scoring_elements 0.76902
published_at 2026-04-12T12:55:00Z
5
value 0.00992
scoring_system epss
scoring_elements 0.76939
published_at 2026-04-16T12:55:00Z
6
value 0.00992
scoring_system epss
scoring_elements 0.76834
published_at 2026-04-01T12:55:00Z
7
value 0.00992
scoring_system epss
scoring_elements 0.76841
published_at 2026-04-02T12:55:00Z
8
value 0.00992
scoring_system epss
scoring_elements 0.76897
published_at 2026-04-13T12:55:00Z
9
value 0.00992
scoring_system epss
scoring_elements 0.76871
published_at 2026-04-04T12:55:00Z
10
value 0.00992
scoring_system epss
scoring_elements 0.76853
published_at 2026-04-07T12:55:00Z
11
value 0.00992
scoring_system epss
scoring_elements 0.76884
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-2992
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-025
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-025
5
reference_url https://cwiki.apache.org/confluence/display/WW/Security
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/Security
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2992
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-2992
8
reference_url https://security.netapp.com/advisory/ntap-20200330-0001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200330-0001
9
reference_url https://security.netapp.com/advisory/ntap-20200330-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200330-0001/
10
reference_url http://www.securityfocus.com/bid/76624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76624
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1260101
reference_id 1260101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1260101
12
reference_url https://github.com/advisories/GHSA-265r-pp83-gww7
reference_id GHSA-265r-pp83-gww7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-265r-pp83-gww7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2015-2992, GHSA-265r-pp83-gww7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mws-fbmg-cqa9
14
url VCID-95ts-vpk6-uubg
vulnerability_id VCID-95ts-vpk6-uubg
summary 
Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31599
published_at 2026-04-08T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31685
published_at 2026-04-02T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31628
published_at 2026-04-09T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31729
published_at 2026-04-04T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40733
published_at 2026-04-13T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40752
published_at 2026-04-12T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40786
published_at 2026-04-11T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.4067
published_at 2026-04-21T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40748
published_at 2026-04-18T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
1
reference_url https://cve.org/CVERecord?id=CVE-2025-64775
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cve.org/CVERecord?id=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
reference_id CVE-2025-66675
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
6
reference_url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
reference_id GHSA-rg58-xhh7-mqjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg
15
url VCID-at5c-f8p8-67fh
vulnerability_id VCID-at5c-f8p8-67fh
summary Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4003
reference_id
reference_type
scores
0
value 0.02629
scoring_system epss
scoring_elements 0.85608
published_at 2026-04-01T12:55:00Z
1
value 0.02629
scoring_system epss
scoring_elements 0.85705
published_at 2026-04-21T12:55:00Z
2
value 0.02629
scoring_system epss
scoring_elements 0.85711
published_at 2026-04-18T12:55:00Z
3
value 0.02629
scoring_system epss
scoring_elements 0.85706
published_at 2026-04-16T12:55:00Z
4
value 0.02629
scoring_system epss
scoring_elements 0.85684
published_at 2026-04-13T12:55:00Z
5
value 0.02629
scoring_system epss
scoring_elements 0.85687
published_at 2026-04-12T12:55:00Z
6
value 0.02629
scoring_system epss
scoring_elements 0.85691
published_at 2026-04-11T12:55:00Z
7
value 0.02629
scoring_system epss
scoring_elements 0.85677
published_at 2026-04-09T12:55:00Z
8
value 0.02629
scoring_system epss
scoring_elements 0.85665
published_at 2026-04-08T12:55:00Z
9
value 0.02629
scoring_system epss
scoring_elements 0.85645
published_at 2026-04-07T12:55:00Z
10
value 0.02629
scoring_system epss
scoring_elements 0.85638
published_at 2026-04-04T12:55:00Z
11
value 0.02629
scoring_system epss
scoring_elements 0.8562
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4003
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc
5
reference_url https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9
6
reference_url https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e
7
reference_url https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2
8
reference_url https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c
9
reference_url https://issues.apache.org/jira/browse/WW-4507
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4507
10
reference_url http://struts.apache.org/docs/s2-028.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-028.html
11
reference_url https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311
12
reference_url https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268
13
reference_url http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/86311
14
reference_url http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035268
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1326725
reference_id 1326725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1326725
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4003
reference_id CVE-2016-4003
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4003
18
reference_url https://github.com/advisories/GHSA-m3x6-9v6h-4g28
reference_id GHSA-m3x6-9v6h-4g28
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3x6-9v6h-4g28
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-6hrc-fm64-ckhf
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-8bsh-bshc-vkgq
8
vulnerability VCID-95ts-vpk6-uubg
9
vulnerability VCID-b7zy-qhz9-tuar
10
vulnerability VCID-bgbt-j1n9-6yg5
11
vulnerability VCID-cm62-bsdz-yye2
12
vulnerability VCID-dk2f-14xj-9bf8
13
vulnerability VCID-gfxq-vtry-bqgg
14
vulnerability VCID-hgj2-vqzn-gyeb
15
vulnerability VCID-j5su-cnqd-6yad
16
vulnerability VCID-mdde-pa5h-w7g4
17
vulnerability VCID-sf53-bgb2-7ue2
18
vulnerability VCID-tgd1-s1yg-9fdt
19
vulnerability VCID-vgp6-jxqt-pbf4
20
vulnerability VCID-y4qu-21c9-6fav
21
vulnerability VCID-y5uq-a6dx-3yd4
22
vulnerability VCID-ygbu-vb2t-jqhx
23
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.28
purl pkg:maven/org.apache.struts/struts2-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-579w-2k2v-efa2
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-7fgd-jnfe-gkhp
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-b7zy-qhz9-tuar
11
vulnerability VCID-bgbt-j1n9-6yg5
12
vulnerability VCID-cm62-bsdz-yye2
13
vulnerability VCID-czjh-bpfk-3yh6
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-mdde-pa5h-w7g4
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28
aliases CVE-2016-4003, GHSA-m3x6-9v6h-4g28
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at5c-f8p8-67fh
16
url VCID-b59n-uxft-4qgz
vulnerability_id VCID-b59n-uxft-4qgz
summary Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4316
reference_id
reference_type
scores
0
value 0.06168
scoring_system epss
scoring_elements 0.90856
published_at 2026-04-21T12:55:00Z
1
value 0.06168
scoring_system epss
scoring_elements 0.90823
published_at 2026-04-08T12:55:00Z
2
value 0.06168
scoring_system epss
scoring_elements 0.90829
published_at 2026-04-09T12:55:00Z
3
value 0.06168
scoring_system epss
scoring_elements 0.90838
published_at 2026-04-12T12:55:00Z
4
value 0.06168
scoring_system epss
scoring_elements 0.90836
published_at 2026-04-13T12:55:00Z
5
value 0.06168
scoring_system epss
scoring_elements 0.9086
published_at 2026-04-16T12:55:00Z
6
value 0.06168
scoring_system epss
scoring_elements 0.90858
published_at 2026-04-18T12:55:00Z
7
value 0.06168
scoring_system epss
scoring_elements 0.90784
published_at 2026-04-01T12:55:00Z
8
value 0.06168
scoring_system epss
scoring_elements 0.90789
published_at 2026-04-02T12:55:00Z
9
value 0.06168
scoring_system epss
scoring_elements 0.90801
published_at 2026-04-04T12:55:00Z
10
value 0.06168
scoring_system epss
scoring_elements 0.90812
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4316
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
5
reference_url https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4316
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4316
7
reference_url http://struts.apache.org/docs/s2-019.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-019.html
8
reference_url http://struts.apache.org/release/2.3.x/docs/s2-019.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-019.html
9
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013036
reference_id 1013036
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013036
11
reference_url https://github.com/advisories/GHSA-j7h6-xr7g-m2c5
reference_id GHSA-j7h6-xr7g-m2c5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j7h6-xr7g-m2c5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-79j9-v8gz-rfax
10
vulnerability VCID-7c97-nj5a-hqb8
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b7zy-qhz9-tuar
17
vulnerability VCID-bgbt-j1n9-6yg5
18
vulnerability VCID-cm62-bsdz-yye2
19
vulnerability VCID-dk2f-14xj-9bf8
20
vulnerability VCID-gfxq-vtry-bqgg
21
vulnerability VCID-h4yg-zrv6-aqa1
22
vulnerability VCID-hgj2-vqzn-gyeb
23
vulnerability VCID-j5su-cnqd-6yad
24
vulnerability VCID-kdsa-599r-eud7
25
vulnerability VCID-mdde-pa5h-w7g4
26
vulnerability VCID-me84-wy85-hkf5
27
vulnerability VCID-n2dn-bnjc-13gp
28
vulnerability VCID-qqm4-frqy-bua5
29
vulnerability VCID-tcaj-6bcg-k7g2
30
vulnerability VCID-tgd1-s1yg-9fdt
31
vulnerability VCID-vgp6-jxqt-pbf4
32
vulnerability VCID-y4qu-21c9-6fav
33
vulnerability VCID-y5uq-a6dx-3yd4
34
vulnerability VCID-ygbu-vb2t-jqhx
35
vulnerability VCID-zb3c-gnyc-yug8
36
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2
aliases CVE-2013-4316, GHSA-j7h6-xr7g-m2c5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b59n-uxft-4qgz
17
url VCID-b7zy-qhz9-tuar
vulnerability_id VCID-b7zy-qhz9-tuar
summary 
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34149
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19577
published_at 2026-04-02T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19474
published_at 2026-04-09T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19422
published_at 2026-04-08T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19344
published_at 2026-04-07T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19623
published_at 2026-04-04T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20545
published_at 2026-04-21T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.20662
published_at 2026-04-11T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.2062
published_at 2026-04-12T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20567
published_at 2026-04-13T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.20553
published_at 2026-04-16T12:55:00Z
10
value 0.00066
scoring_system epss
scoring_elements 0.2055
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34149
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url https://cwiki.apache.org/confluence/display/WW/S2-063
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
4
reference_url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
5
reference_url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
6
reference_url https://security.netapp.com/advisory/ntap-20230706-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230706-0005
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/14/2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url http://www.openwall.com/lists/oss-security/2023/06/14/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34149
reference_id CVE-2023-34149
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34149
9
reference_url https://github.com/advisories/GHSA-8f6x-v685-g2xc
reference_id GHSA-8f6x-v685-g2xc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8f6x-v685-g2xc
10
reference_url https://security.netapp.com/advisory/ntap-20230706-0005/
reference_id ntap-20230706-0005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url https://security.netapp.com/advisory/ntap-20230706-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.31
purl pkg:maven/org.apache.struts/struts2-core@2.5.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31
1
url pkg:maven/org.apache.struts/struts2-core@6.1.2.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1
aliases CVE-2023-34149, GHSA-8f6x-v685-g2xc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar
18
url VCID-bgbt-j1n9-6yg5
vulnerability_id VCID-bgbt-j1n9-6yg5
summary The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1327
reference_id
reference_type
scores
0
value 0.0622
scoring_system epss
scoring_elements 0.90903
published_at 2026-04-21T12:55:00Z
1
value 0.0622
scoring_system epss
scoring_elements 0.90902
published_at 2026-04-18T12:55:00Z
2
value 0.0622
scoring_system epss
scoring_elements 0.90905
published_at 2026-04-16T12:55:00Z
3
value 0.0622
scoring_system epss
scoring_elements 0.9088
published_at 2026-04-13T12:55:00Z
4
value 0.0622
scoring_system epss
scoring_elements 0.90881
published_at 2026-04-12T12:55:00Z
5
value 0.0622
scoring_system epss
scoring_elements 0.90872
published_at 2026-04-09T12:55:00Z
6
value 0.0622
scoring_system epss
scoring_elements 0.90866
published_at 2026-04-08T12:55:00Z
7
value 0.0622
scoring_system epss
scoring_elements 0.90854
published_at 2026-04-07T12:55:00Z
8
value 0.0622
scoring_system epss
scoring_elements 0.90844
published_at 2026-04-04T12:55:00Z
9
value 0.0622
scoring_system epss
scoring_elements 0.90833
published_at 2026-04-02T12:55:00Z
10
value 0.0622
scoring_system epss
scoring_elements 0.90828
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1327
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-056
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-056
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa
5
reference_url https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4
6
reference_url https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323
7
reference_url https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
9
reference_url https://security.netapp.com/advisory/ntap-20180330-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180330-0001
10
reference_url https://security.netapp.com/advisory/ntap-20180330-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180330-0001/
11
reference_url https://struts.apache.org/docs/s2-056.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-056.html
12
reference_url https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516
13
reference_url https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575
14
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
15
reference_url http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103516
16
reference_url http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040575
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561007
reference_id 1561007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561007
18
reference_url https://access.redhat.com/security/cve/CVE-2018-1327
reference_id CVE-2018-1327
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2018-1327
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1327
reference_id CVE-2018-1327
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1327
20
reference_url https://github.com/advisories/GHSA-38cr-2ph5-frr9
reference_id GHSA-38cr-2ph5-frr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38cr-2ph5-frr9
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.16
purl pkg:maven/org.apache.struts/struts2-core@2.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-cm62-bsdz-yye2
6
vulnerability VCID-dk2f-14xj-9bf8
7
vulnerability VCID-gfxq-vtry-bqgg
8
vulnerability VCID-hgj2-vqzn-gyeb
9
vulnerability VCID-tgd1-s1yg-9fdt
10
vulnerability VCID-y5uq-a6dx-3yd4
11
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16
aliases CVE-2018-1327, GHSA-38cr-2ph5-frr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5
19
url VCID-cm62-bsdz-yye2
vulnerability_id VCID-cm62-bsdz-yye2
summary Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
references
0
reference_url http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11776
reference_id
reference_type
scores
0
value 0.94431
scoring_system epss
scoring_elements 0.99985
published_at 2026-04-18T12:55:00Z
1
value 0.94431
scoring_system epss
scoring_elements 0.99984
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11776
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-057
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://cwiki.apache.org/confluence/display/WW/S2-057
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
6
reference_url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
7
reference_url https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
8
reference_url https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
9
reference_url https://lgtm.com/blog/apache_struts_CVE-2018-11776
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://lgtm.com/blog/apache_struts_CVE-2018-11776
10
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
12
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
13
reference_url https://security.netapp.com/advisory/ntap-20180822-0001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180822-0001
14
reference_url https://security.netapp.com/advisory/ntap-20181018-0002
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181018-0002
15
reference_url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
16
reference_url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
17
reference_url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
18
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
19
reference_url https://www.exploit-db.com/exploits/45260
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45260
20
reference_url https://www.exploit-db.com/exploits/45262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45262
21
reference_url https://www.exploit-db.com/exploits/45367
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45367
22
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
24
reference_url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
25
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
26
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
27
reference_url http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.securityfocus.com/bid/105125
28
reference_url http://www.securitytracker.com/id/1041547
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.securitytracker.com/id/1041547
29
reference_url http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url http://www.securitytracker.com/id/1041888
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1620019
reference_id 1620019
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1620019
31
reference_url https://www.exploit-db.com/exploits/45260/
reference_id 45260
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://www.exploit-db.com/exploits/45260/
32
reference_url https://www.exploit-db.com/exploits/45262/
reference_id 45262
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://www.exploit-db.com/exploits/45262/
33
reference_url https://www.exploit-db.com/exploits/45367/
reference_id 45367
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://www.exploit-db.com/exploits/45367/
34
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
35
reference_url https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
36
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
37
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
38
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
reference_id CVE-2018-11776
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
40
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
reference_id CVE-2018-11776
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
41
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
reference_id CVE-2018-11776-PYTHON-POC
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
42
reference_url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
reference_id GHSA-cr6j-3jp9-rw65
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
43
reference_url https://security.netapp.com/advisory/ntap-20180822-0001/
reference_id ntap-20180822-0001
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/
url https://security.netapp.com/advisory/ntap-20180822-0001/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.35
purl pkg:maven/org.apache.struts/struts2-core@2.3.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-dk2f-14xj-9bf8
7
vulnerability VCID-gfxq-vtry-bqgg
8
vulnerability VCID-hgj2-vqzn-gyeb
9
vulnerability VCID-tgd1-s1yg-9fdt
10
vulnerability VCID-y5uq-a6dx-3yd4
11
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35
1
url pkg:maven/org.apache.struts/struts2-core@2.5.17
purl pkg:maven/org.apache.struts/struts2-core@2.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-dk2f-14xj-9bf8
6
vulnerability VCID-gfxq-vtry-bqgg
7
vulnerability VCID-hgj2-vqzn-gyeb
8
vulnerability VCID-tgd1-s1yg-9fdt
9
vulnerability VCID-y5uq-a6dx-3yd4
10
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17
aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm62-bsdz-yye2
20
url VCID-dk2f-14xj-9bf8
vulnerability_id VCID-dk2f-14xj-9bf8
summary 
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34396
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30232
published_at 2026-04-02T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30194
published_at 2026-04-09T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30159
published_at 2026-04-08T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30099
published_at 2026-04-07T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30281
published_at 2026-04-04T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31376
published_at 2026-04-21T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.3147
published_at 2026-04-11T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31428
published_at 2026-04-12T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31391
published_at 2026-04-13T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-16T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31404
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34396
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-064
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url https://cwiki.apache.org/confluence/display/WW/S2-064
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
4
reference_url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
5
reference_url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
6
reference_url https://security.netapp.com/advisory/ntap-20230706-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230706-0005
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/14/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url http://www.openwall.com/lists/oss-security/2023/06/14/3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
reference_id CVE-2023-34396
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
9
reference_url https://github.com/advisories/GHSA-4g42-gqrg-4633
reference_id GHSA-4g42-gqrg-4633
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g42-gqrg-4633
10
reference_url https://security.netapp.com/advisory/ntap-20230706-0005/
reference_id ntap-20230706-0005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url https://security.netapp.com/advisory/ntap-20230706-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.31
purl pkg:maven/org.apache.struts/struts2-core@2.5.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31
1
url pkg:maven/org.apache.struts/struts2-core@6.1.2.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1
aliases CVE-2023-34396, GHSA-4g42-gqrg-4633
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8
21
url VCID-fv6w-cdtc-kkhx
vulnerability_id VCID-fv6w-cdtc-kkhx
summary 
Struts ParameterInterceptor vulnerability allows remote command execution
Regular expression in ParametersInterceptor matches `top['foo'](0)` as a valid expression, which OGNL treats as `(top['foo'])(0)` and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.
references
0
reference_url http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3923
reference_id
reference_type
scores
0
value 0.91054
scoring_system epss
scoring_elements 0.99643
published_at 2026-04-21T12:55:00Z
1
value 0.91054
scoring_system epss
scoring_elements 0.99638
published_at 2026-04-04T12:55:00Z
2
value 0.91054
scoring_system epss
scoring_elements 0.99637
published_at 2026-04-02T12:55:00Z
3
value 0.91054
scoring_system epss
scoring_elements 0.9964
published_at 2026-04-13T12:55:00Z
4
value 0.91054
scoring_system epss
scoring_elements 0.99641
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3923
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
3
reference_url http://seclists.org/fulldisclosure/2014/Jul/38
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2014/Jul/38
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3923
6
reference_url https://security-tracker.debian.org/tracker/CVE-2011-3923
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2011-3923
7
reference_url http://struts.apache.org/development/2.x/docs/s2-009.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-009.html
8
reference_url http://struts.apache.org/docs/s2-009.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-009.html
9
reference_url https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38
10
reference_url http://www.exploit-db.com/exploits/24874
reference_id
reference_type
scores
url http://www.exploit-db.com/exploits/24874
11
reference_url http://www.securityfocus.com/bid/51628
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/51628
12
reference_url http://www.securitytracker.com/id?1026575
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1026575
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
reference_id CVE-2011-3923;OSVDB-78501
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
16
reference_url https://github.com/advisories/GHSA-j68f-8h6p-9h5q
reference_id GHSA-j68f-8h6p-9h5q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j68f-8h6p-9h5q
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.1.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-gfxq-vtry-bqgg
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-hkjh-35ye-1ugj
27
vulnerability VCID-j5su-cnqd-6yad
28
vulnerability VCID-k6mz-k1yb-4uej
29
vulnerability VCID-kdsa-599r-eud7
30
vulnerability VCID-me84-wy85-hkf5
31
vulnerability VCID-n2dn-bnjc-13gp
32
vulnerability VCID-n4fb-crnk-eugz
33
vulnerability VCID-q96z-v3bs-k3dg
34
vulnerability VCID-qqm4-frqy-bua5
35
vulnerability VCID-tcaj-6bcg-k7g2
36
vulnerability VCID-tgd1-s1yg-9fdt
37
vulnerability VCID-vgp6-jxqt-pbf4
38
vulnerability VCID-vkb9-11h4-dugp
39
vulnerability VCID-vnkw-9fa2-zqcm
40
vulnerability VCID-xz41-1z86-37ew
41
vulnerability VCID-y5uq-a6dx-3yd4
42
vulnerability VCID-ygbu-vb2t-jqhx
43
vulnerability VCID-zb3c-gnyc-yug8
44
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2
aliases CVE-2011-3923, GHSA-j68f-8h6p-9h5q
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fv6w-cdtc-kkhx
22
url VCID-gfxq-vtry-bqgg
vulnerability_id VCID-gfxq-vtry-bqgg
summary 
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92864
scoring_system epss
scoring_elements 0.99769
published_at 2026-04-21T12:55:00Z
1
value 0.93657
scoring_system epss
scoring_elements 0.99842
published_at 2026-04-07T12:55:00Z
2
value 0.93657
scoring_system epss
scoring_elements 0.99841
published_at 2026-04-02T12:55:00Z
3
value 0.93657
scoring_system epss
scoring_elements 0.99844
published_at 2026-04-13T12:55:00Z
4
value 0.93657
scoring_system epss
scoring_elements 0.99843
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-066
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
6
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
7
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
8
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0010
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/12/07/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/07/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id 2253938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
13
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.33
purl pkg:maven/org.apache.struts/struts2-core@2.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-j8jv-hzsy-nyec
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33
1
url pkg:maven/org.apache.struts/struts2-core@6.3.0.2
purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg
23
url VCID-gv5f-auvz-5fda
vulnerability_id VCID-gv5f-auvz-5fda
summary The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0393
reference_id
reference_type
scores
0
value 0.58542
scoring_system epss
scoring_elements 0.98214
published_at 2026-04-21T12:55:00Z
1
value 0.58542
scoring_system epss
scoring_elements 0.98216
published_at 2026-04-18T12:55:00Z
2
value 0.58542
scoring_system epss
scoring_elements 0.98215
published_at 2026-04-16T12:55:00Z
3
value 0.58542
scoring_system epss
scoring_elements 0.98209
published_at 2026-04-13T12:55:00Z
4
value 0.58542
scoring_system epss
scoring_elements 0.98207
published_at 2026-04-09T12:55:00Z
5
value 0.58542
scoring_system epss
scoring_elements 0.98206
published_at 2026-04-08T12:55:00Z
6
value 0.58542
scoring_system epss
scoring_elements 0.98201
published_at 2026-04-07T12:55:00Z
7
value 0.58542
scoring_system epss
scoring_elements 0.982
published_at 2026-04-04T12:55:00Z
8
value 0.58542
scoring_system epss
scoring_elements 0.98193
published_at 2026-04-01T12:55:00Z
9
value 0.58542
scoring_system epss
scoring_elements 0.98196
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0393
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
6
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-008.html
7
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/version-notes-2311.html
8
reference_url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
9
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
10
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
reference_id
reference_type
scores
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
11
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/18329
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773164
reference_id 773164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773164
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0393
reference_id CVE-2012-0393
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0393
14
reference_url https://github.com/advisories/GHSA-hxqq-w4mr-mc62
reference_id GHSA-hxqq-w4mr-mc62
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxqq-w4mr-mc62
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-hkjh-35ye-1ugj
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-k6mz-k1yb-4uej
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-q96z-v3bs-k3dg
33
vulnerability VCID-qqm4-frqy-bua5
34
vulnerability VCID-tcaj-6bcg-k7g2
35
vulnerability VCID-tgd1-s1yg-9fdt
36
vulnerability VCID-vgp6-jxqt-pbf4
37
vulnerability VCID-vkb9-11h4-dugp
38
vulnerability VCID-vnkw-9fa2-zqcm
39
vulnerability VCID-xz41-1z86-37ew
40
vulnerability VCID-y5uq-a6dx-3yd4
41
vulnerability VCID-ygbu-vb2t-jqhx
42
vulnerability VCID-zb3c-gnyc-yug8
43
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1
1
url pkg:maven/org.apache.struts/struts2-core@2.3.1.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-fv6w-cdtc-kkhx
24
vulnerability VCID-gfxq-vtry-bqgg
25
vulnerability VCID-h4yg-zrv6-aqa1
26
vulnerability VCID-hgj2-vqzn-gyeb
27
vulnerability VCID-hkjh-35ye-1ugj
28
vulnerability VCID-j5su-cnqd-6yad
29
vulnerability VCID-k6mz-k1yb-4uej
30
vulnerability VCID-kdsa-599r-eud7
31
vulnerability VCID-me84-wy85-hkf5
32
vulnerability VCID-n2dn-bnjc-13gp
33
vulnerability VCID-n4fb-crnk-eugz
34
vulnerability VCID-q96z-v3bs-k3dg
35
vulnerability VCID-qqm4-frqy-bua5
36
vulnerability VCID-tcaj-6bcg-k7g2
37
vulnerability VCID-tgd1-s1yg-9fdt
38
vulnerability VCID-vgp6-jxqt-pbf4
39
vulnerability VCID-vkb9-11h4-dugp
40
vulnerability VCID-vnkw-9fa2-zqcm
41
vulnerability VCID-xz41-1z86-37ew
42
vulnerability VCID-y5uq-a6dx-3yd4
43
vulnerability VCID-ygbu-vb2t-jqhx
44
vulnerability VCID-zb3c-gnyc-yug8
45
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.1
aliases CVE-2012-0393, GHSA-hxqq-w4mr-mc62
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5f-auvz-5fda
24
url VCID-h4yg-zrv6-aqa1
vulnerability_id VCID-h4yg-zrv6-aqa1
summary ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
1
reference_url http://jvn.jp/en/jp/JVN19294237/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN19294237/index.html
2
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:0910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0910
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0112
reference_id
reference_type
scores
0
value 0.91424
scoring_system epss
scoring_elements 0.99668
published_at 2026-04-21T12:55:00Z
1
value 0.91424
scoring_system epss
scoring_elements 0.99659
published_at 2026-04-02T12:55:00Z
2
value 0.91424
scoring_system epss
scoring_elements 0.9966
published_at 2026-04-04T12:55:00Z
3
value 0.91424
scoring_system epss
scoring_elements 0.99661
published_at 2026-04-07T12:55:00Z
4
value 0.91424
scoring_system epss
scoring_elements 0.99663
published_at 2026-04-11T12:55:00Z
5
value 0.91424
scoring_system epss
scoring_elements 0.99664
published_at 2026-04-13T12:55:00Z
6
value 0.91424
scoring_system epss
scoring_elements 0.99665
published_at 2026-04-16T12:55:00Z
7
value 0.91424
scoring_system epss
scoring_elements 0.99666
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0112
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1091939
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1091939
7
reference_url https://cwiki.apache.org/confluence/display/WW/S2-021
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-021
8
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
9
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0112
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0112
11
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
12
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
13
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
14
reference_url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
15
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
16
reference_url https://github.com/advisories/GHSA-prjv-jj26-wf8h
reference_id GHSA-prjv-jj26-wf8h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prjv-jj26-wf8h
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-me84-wy85-hkf5
24
vulnerability VCID-tcaj-6bcg-k7g2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zb3c-gnyc-yug8
31
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0112, GHSA-prjv-jj26-wf8h
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4yg-zrv6-aqa1
25
url VCID-hgj2-vqzn-gyeb
vulnerability_id VCID-hgj2-vqzn-gyeb
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
reference_id
reference_type
scores
0
value 0.93956
scoring_system epss
scoring_elements 0.99886
published_at 2026-04-21T12:55:00Z
1
value 0.93956
scoring_system epss
scoring_elements 0.99883
published_at 2026-04-07T12:55:00Z
2
value 0.93956
scoring_system epss
scoring_elements 0.99885
published_at 2026-04-13T12:55:00Z
3
value 0.93956
scoring_system epss
scoring_elements 0.99884
published_at 2026-04-12T12:55:00Z
4
value 0.93956
scoring_system epss
scoring_elements 0.99881
published_at 2026-04-01T12:55:00Z
5
value 0.93956
scoring_system epss
scoring_elements 0.99882
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-062
3
reference_url https://security.netapp.com/advisory/ntap-20220420-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220420-0001
4
reference_url https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220420-0001/
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/12/6
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id 2074788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
reference_id CVE-2021-31805
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
9
reference_url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
reference_id GHSA-v8j6-6c2r-r27c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.30
purl pkg:maven/org.apache.struts/struts2-core@2.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
5
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30
aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb
26
url VCID-hkjh-35ye-1ugj
vulnerability_id VCID-hkjh-35ye-1ugj
summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
reference_id
reference_type
scores
0
value 0.87487
scoring_system epss
scoring_elements 0.99454
published_at 2026-04-01T12:55:00Z
1
value 0.8761
scoring_system epss
scoring_elements 0.99469
published_at 2026-04-21T12:55:00Z
2
value 0.8761
scoring_system epss
scoring_elements 0.99468
published_at 2026-04-16T12:55:00Z
3
value 0.8761
scoring_system epss
scoring_elements 0.99465
published_at 2026-04-13T12:55:00Z
4
value 0.8761
scoring_system epss
scoring_elements 0.99464
published_at 2026-04-11T12:55:00Z
5
value 0.8761
scoring_system epss
scoring_elements 0.99463
published_at 2026-04-09T12:55:00Z
6
value 0.8761
scoring_system epss
scoring_elements 0.99462
published_at 2026-04-08T12:55:00Z
7
value 0.8761
scoring_system epss
scoring_elements 0.99461
published_at 2026-04-07T12:55:00Z
8
value 0.8761
scoring_system epss
scoring_elements 0.99459
published_at 2026-04-04T12:55:00Z
9
value 0.8761
scoring_system epss
scoring_elements 0.99457
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-014
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-014
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
7
reference_url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
8
reference_url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
9
reference_url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
10
reference_url https://issues.apache.org/jira/browse/WW-4063
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4063
11
reference_url http://struts.apache.org/development/2.x/docs/s2-014.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-014.html
12
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
13
reference_url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
14
reference_url http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60167
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
reference_id CVE-2013-2115
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
17
reference_url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
reference_id GHSA-7ghm-rpc7-p7g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-gfxq-vtry-bqgg
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-kdsa-599r-eud7
28
vulnerability VCID-mdde-pa5h-w7g4
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-qqm4-frqy-bua5
33
vulnerability VCID-tcaj-6bcg-k7g2
34
vulnerability VCID-tgd1-s1yg-9fdt
35
vulnerability VCID-vgp6-jxqt-pbf4
36
vulnerability VCID-vnkw-9fa2-zqcm
37
vulnerability VCID-xz41-1z86-37ew
38
vulnerability VCID-y4qu-21c9-6fav
39
vulnerability VCID-y5uq-a6dx-3yd4
40
vulnerability VCID-ygbu-vb2t-jqhx
41
vulnerability VCID-zb3c-gnyc-yug8
42
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2
aliases CVE-2013-2115, GHSA-7ghm-rpc7-p7g5
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkjh-35ye-1ugj
27
url VCID-j5su-cnqd-6yad
vulnerability_id VCID-j5su-cnqd-6yad
summary Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0785
reference_id
reference_type
scores
0
value 0.17798
scoring_system epss
scoring_elements 0.95104
published_at 2026-04-02T12:55:00Z
1
value 0.17798
scoring_system epss
scoring_elements 0.95107
published_at 2026-04-07T12:55:00Z
2
value 0.17798
scoring_system epss
scoring_elements 0.95105
published_at 2026-04-04T12:55:00Z
3
value 0.17798
scoring_system epss
scoring_elements 0.95093
published_at 2026-04-01T12:55:00Z
4
value 0.17798
scoring_system epss
scoring_elements 0.95141
published_at 2026-04-21T12:55:00Z
5
value 0.17798
scoring_system epss
scoring_elements 0.95139
published_at 2026-04-18T12:55:00Z
6
value 0.17798
scoring_system epss
scoring_elements 0.95136
published_at 2026-04-16T12:55:00Z
7
value 0.17798
scoring_system epss
scoring_elements 0.95128
published_at 2026-04-13T12:55:00Z
8
value 0.17798
scoring_system epss
scoring_elements 0.95125
published_at 2026-04-12T12:55:00Z
9
value 0.17798
scoring_system epss
scoring_elements 0.95123
published_at 2026-04-11T12:55:00Z
10
value 0.17798
scoring_system epss
scoring_elements 0.95118
published_at 2026-04-09T12:55:00Z
11
value 0.17798
scoring_system epss
scoring_elements 0.95114
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0785
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364
5
reference_url http://struts.apache.org/docs/s2-029.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-029.html
6
reference_url https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066
7
reference_url https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271
8
reference_url http://www.securityfocus.com/bid/85066
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/85066
9
reference_url http://www.securitytracker.com/id/1035271
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035271
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1326720
reference_id 1326720
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1326720
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0785
reference_id CVE-2016-0785
reference_type
scores
0
value 9.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0785
13
reference_url https://github.com/advisories/GHSA-876p-4wgc-75rx
reference_id GHSA-876p-4wgc-75rx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-876p-4wgc-75rx
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-at5c-f8p8-67fh
11
vulnerability VCID-b7zy-qhz9-tuar
12
vulnerability VCID-bgbt-j1n9-6yg5
13
vulnerability VCID-cm62-bsdz-yye2
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-j5su-cnqd-6yad
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-6hrc-fm64-ckhf
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-8bsh-bshc-vkgq
8
vulnerability VCID-95ts-vpk6-uubg
9
vulnerability VCID-b7zy-qhz9-tuar
10
vulnerability VCID-bgbt-j1n9-6yg5
11
vulnerability VCID-cm62-bsdz-yye2
12
vulnerability VCID-dk2f-14xj-9bf8
13
vulnerability VCID-gfxq-vtry-bqgg
14
vulnerability VCID-hgj2-vqzn-gyeb
15
vulnerability VCID-j5su-cnqd-6yad
16
vulnerability VCID-mdde-pa5h-w7g4
17
vulnerability VCID-sf53-bgb2-7ue2
18
vulnerability VCID-tgd1-s1yg-9fdt
19
vulnerability VCID-vgp6-jxqt-pbf4
20
vulnerability VCID-y4qu-21c9-6fav
21
vulnerability VCID-y5uq-a6dx-3yd4
22
vulnerability VCID-ygbu-vb2t-jqhx
23
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28
purl pkg:maven/org.apache.struts/struts2-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-579w-2k2v-efa2
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-7fgd-jnfe-gkhp
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-b7zy-qhz9-tuar
11
vulnerability VCID-bgbt-j1n9-6yg5
12
vulnerability VCID-cm62-bsdz-yye2
13
vulnerability VCID-czjh-bpfk-3yh6
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-mdde-pa5h-w7g4
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28
aliases CVE-2016-0785, GHSA-876p-4wgc-75rx
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5su-cnqd-6yad
28
url VCID-k6mz-k1yb-4uej
vulnerability_id VCID-k6mz-k1yb-4uej
summary 
CSRF protection bypass
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4386
reference_id
reference_type
scores
0
value 0.03235
scoring_system epss
scoring_elements 0.87045
published_at 2026-04-07T12:55:00Z
1
value 0.03235
scoring_system epss
scoring_elements 0.87065
published_at 2026-04-08T12:55:00Z
2
value 0.03235
scoring_system epss
scoring_elements 0.87096
published_at 2026-04-18T12:55:00Z
3
value 0.03235
scoring_system epss
scoring_elements 0.87092
published_at 2026-04-21T12:55:00Z
4
value 0.03235
scoring_system epss
scoring_elements 0.87076
published_at 2026-04-13T12:55:00Z
5
value 0.03235
scoring_system epss
scoring_elements 0.87081
published_at 2026-04-12T12:55:00Z
6
value 0.03235
scoring_system epss
scoring_elements 0.87022
published_at 2026-04-01T12:55:00Z
7
value 0.03235
scoring_system epss
scoring_elements 0.87086
published_at 2026-04-11T12:55:00Z
8
value 0.03235
scoring_system epss
scoring_elements 0.87033
published_at 2026-04-02T12:55:00Z
9
value 0.03235
scoring_system epss
scoring_elements 0.87073
published_at 2026-04-09T12:55:00Z
10
value 0.03235
scoring_system epss
scoring_elements 0.87052
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4386
1
reference_url http://secunia.com/advisories/50420
reference_id
reference_type
scores
url http://secunia.com/advisories/50420
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78182
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78182
3
reference_url https://issues.apache.org/jira/browse/WW-3858
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3858
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4386
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4386
5
reference_url http://struts.apache.org/2.x/docs/s2-010.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-010.html
6
reference_url http://struts.apache.org/docs/s2-010.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-010.html
7
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/4
8
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/5
9
reference_url http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55346
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
45
reference_url https://github.com/advisories/GHSA-2rvh-q539-q33v
reference_id GHSA-2rvh-q539-q33v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rvh-q539-q33v
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.4.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-gfxq-vtry-bqgg
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-hkjh-35ye-1ugj
27
vulnerability VCID-j5su-cnqd-6yad
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-qqm4-frqy-bua5
33
vulnerability VCID-tcaj-6bcg-k7g2
34
vulnerability VCID-tgd1-s1yg-9fdt
35
vulnerability VCID-vgp6-jxqt-pbf4
36
vulnerability VCID-vkb9-11h4-dugp
37
vulnerability VCID-vnkw-9fa2-zqcm
38
vulnerability VCID-xz41-1z86-37ew
39
vulnerability VCID-y5uq-a6dx-3yd4
40
vulnerability VCID-ygbu-vb2t-jqhx
41
vulnerability VCID-zb3c-gnyc-yug8
42
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1
aliases CVE-2012-4386, GHSA-2rvh-q539-q33v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6mz-k1yb-4uej
29
url VCID-kdsa-599r-eud7
vulnerability_id VCID-kdsa-599r-eud7
summary The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
1
reference_url http://jvn.jp/en/jp/JVN19294237/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN19294237/index.html
2
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
reference_id
reference_type
scores
0
value 0.93134
scoring_system epss
scoring_elements 0.99796
published_at 2026-04-13T12:55:00Z
1
value 0.93134
scoring_system epss
scoring_elements 0.99795
published_at 2026-04-08T12:55:00Z
2
value 0.93134
scoring_system epss
scoring_elements 0.99794
published_at 2026-04-04T12:55:00Z
3
value 0.93134
scoring_system epss
scoring_elements 0.99799
published_at 2026-04-21T12:55:00Z
4
value 0.93134
scoring_system epss
scoring_elements 0.99798
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
7
reference_url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
8
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
9
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
10
reference_url http://struts.apache.org/release/2.3.x/docs/s2-020.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-020.html
11
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
12
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
13
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
14
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
15
reference_url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
16
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id 1073716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
reference_id CVE-2014-0094
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
20
reference_url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
22
reference_url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
reference_id GHSA-vrwc-qjmw-5rjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-me84-wy85-hkf5
24
vulnerability VCID-tcaj-6bcg-k7g2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zb3c-gnyc-yug8
31
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7
30
url VCID-me84-wy85-hkf5
vulnerability_id VCID-me84-wy85-hkf5
summary 
Cross-Site Scripting vulnerability on "Problem Report" screen
When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html
1
reference_url http://jvn.jp/en/jp/JVN95989300/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN95989300/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5169
reference_id
reference_type
scores
0
value 0.01198
scoring_system epss
scoring_elements 0.78914
published_at 2026-04-21T12:55:00Z
1
value 0.01198
scoring_system epss
scoring_elements 0.78844
published_at 2026-04-01T12:55:00Z
2
value 0.01198
scoring_system epss
scoring_elements 0.7885
published_at 2026-04-02T12:55:00Z
3
value 0.01198
scoring_system epss
scoring_elements 0.78879
published_at 2026-04-04T12:55:00Z
4
value 0.01198
scoring_system epss
scoring_elements 0.78861
published_at 2026-04-07T12:55:00Z
5
value 0.01198
scoring_system epss
scoring_elements 0.78886
published_at 2026-04-08T12:55:00Z
6
value 0.01198
scoring_system epss
scoring_elements 0.78893
published_at 2026-04-09T12:55:00Z
7
value 0.01198
scoring_system epss
scoring_elements 0.78916
published_at 2026-04-11T12:55:00Z
8
value 0.01198
scoring_system epss
scoring_elements 0.789
published_at 2026-04-12T12:55:00Z
9
value 0.01198
scoring_system epss
scoring_elements 0.78891
published_at 2026-04-13T12:55:00Z
10
value 0.01198
scoring_system epss
scoring_elements 0.78919
published_at 2026-04-16T12:55:00Z
11
value 0.01198
scoring_system epss
scoring_elements 0.78917
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5169
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1260087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1260087
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5169
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5169
7
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
8
reference_url https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0003/
9
reference_url https://struts.apache.org/docs/s2-025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-025.html
10
reference_url http://www.securityfocus.com/bid/76625
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/76625
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
12
reference_url https://github.com/advisories/GHSA-vwhv-j36g-5rm8
reference_id GHSA-vwhv-j36g-5rm8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwhv-j36g-5rm8
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2015-5169, GHSA-vwhv-j36g-5rm8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me84-wy85-hkf5
31
url VCID-n2dn-bnjc-13gp
vulnerability_id VCID-n2dn-bnjc-13gp
summary CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0113
reference_id
reference_type
scores
0
value 0.82051
scoring_system epss
scoring_elements 0.99208
published_at 2026-04-07T12:55:00Z
1
value 0.82051
scoring_system epss
scoring_elements 0.99212
published_at 2026-04-21T12:55:00Z
2
value 0.82051
scoring_system epss
scoring_elements 0.99209
published_at 2026-04-16T12:55:00Z
3
value 0.82051
scoring_system epss
scoring_elements 0.99211
published_at 2026-04-18T12:55:00Z
4
value 0.82051
scoring_system epss
scoring_elements 0.992
published_at 2026-04-01T12:55:00Z
5
value 0.82051
scoring_system epss
scoring_elements 0.99202
published_at 2026-04-02T12:55:00Z
6
value 0.82051
scoring_system epss
scoring_elements 0.9921
published_at 2026-04-12T12:55:00Z
7
value 0.82051
scoring_system epss
scoring_elements 0.99204
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0113
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-021
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-021
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0113
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0113
6
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
7
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
8
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1092201
reference_id 1092201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1092201
10
reference_url https://github.com/advisories/GHSA-3c5c-xrq4-qhr8
reference_id GHSA-3c5c-xrq4-qhr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3c5c-xrq4-qhr8
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-me84-wy85-hkf5
24
vulnerability VCID-tcaj-6bcg-k7g2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zb3c-gnyc-yug8
31
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0113, GHSA-3c5c-xrq4-qhr8
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2dn-bnjc-13gp
32
url VCID-n4fb-crnk-eugz
vulnerability_id VCID-n4fb-crnk-eugz
summary Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1965
reference_id
reference_type
scores
0
value 0.91789
scoring_system epss
scoring_elements 0.99686
published_at 2026-04-04T12:55:00Z
1
value 0.91789
scoring_system epss
scoring_elements 0.99691
published_at 2026-04-21T12:55:00Z
2
value 0.91789
scoring_system epss
scoring_elements 0.9969
published_at 2026-04-18T12:55:00Z
3
value 0.91789
scoring_system epss
scoring_elements 0.99684
published_at 2026-04-02T12:55:00Z
4
value 0.91789
scoring_system epss
scoring_elements 0.99687
published_at 2026-04-09T12:55:00Z
5
value 0.91789
scoring_system epss
scoring_elements 0.99689
published_at 2026-04-16T12:55:00Z
6
value 0.91789
scoring_system epss
scoring_elements 0.99688
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1965
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967655
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967655
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
5
reference_url http://struts.apache.org/development/2.x/docs/s2-012.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-012.html
6
reference_url http://struts.apache.org/docs/s2-012.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-012.html
7
reference_url https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082
8
reference_url http://www.securityfocus.com/bid/60082
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60082
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1965
reference_id CVE-2013-1965
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1965
12
reference_url https://github.com/advisories/GHSA-whmq-v94q-34p9
reference_id GHSA-whmq-v94q-34p9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-whmq-v94q-34p9
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-7c97-nj5a-hqb8
12
vulnerability VCID-87fh-rvvb-6ubq
13
vulnerability VCID-8bsh-bshc-vkgq
14
vulnerability VCID-8mws-fbmg-cqa9
15
vulnerability VCID-95ts-vpk6-uubg
16
vulnerability VCID-at5c-f8p8-67fh
17
vulnerability VCID-b59n-uxft-4qgz
18
vulnerability VCID-b7zy-qhz9-tuar
19
vulnerability VCID-bgbt-j1n9-6yg5
20
vulnerability VCID-cm62-bsdz-yye2
21
vulnerability VCID-dk2f-14xj-9bf8
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-j5su-cnqd-6yad
26
vulnerability VCID-kdsa-599r-eud7
27
vulnerability VCID-mdde-pa5h-w7g4
28
vulnerability VCID-me84-wy85-hkf5
29
vulnerability VCID-n2dn-bnjc-13gp
30
vulnerability VCID-qqm4-frqy-bua5
31
vulnerability VCID-tcaj-6bcg-k7g2
32
vulnerability VCID-tgd1-s1yg-9fdt
33
vulnerability VCID-vgp6-jxqt-pbf4
34
vulnerability VCID-xz41-1z86-37ew
35
vulnerability VCID-y4qu-21c9-6fav
36
vulnerability VCID-y5uq-a6dx-3yd4
37
vulnerability VCID-ygbu-vb2t-jqhx
38
vulnerability VCID-zb3c-gnyc-yug8
39
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3
aliases CVE-2013-1965, GHSA-whmq-v94q-34p9
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fb-crnk-eugz
33
url VCID-nmgp-r7hb-5ke1
vulnerability_id VCID-nmgp-r7hb-5ke1
summary The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0391
reference_id
reference_type
scores
0
value 0.88319
scoring_system epss
scoring_elements 0.99499
published_at 2026-04-21T12:55:00Z
1
value 0.88319
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-12T12:55:00Z
2
value 0.88319
scoring_system epss
scoring_elements 0.99494
published_at 2026-04-13T12:55:00Z
3
value 0.88319
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-09T12:55:00Z
4
value 0.88319
scoring_system epss
scoring_elements 0.99492
published_at 2026-04-07T12:55:00Z
5
value 0.88319
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-18T12:55:00Z
6
value 0.88319
scoring_system epss
scoring_elements 0.9949
published_at 2026-04-04T12:55:00Z
7
value 0.88319
scoring_system epss
scoring_elements 0.99488
published_at 2026-04-02T12:55:00Z
8
value 0.88319
scoring_system epss
scoring_elements 0.99497
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0391
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
6
reference_url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
7
reference_url https://issues.apache.org/jira/browse/WW-3668
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url https://issues.apache.org/jira/browse/WW-3668
8
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://struts.apache.org/2.x/docs/s2-008.html
9
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://struts.apache.org/2.x/docs/version-notes-2311.html
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391
11
reference_url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
12
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://www.exploit-db.com/exploits/18329
13
reference_url http://secunia.com/advisories/47393
reference_id 47393
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://secunia.com/advisories/47393
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773159
reference_id 773159
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773159
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0391
reference_id CVE-2012-0391
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0391
16
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb
reference_id CVE-2012-0391;OSVDB-78277
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb
17
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt
reference_id CVE-2012-0394;CVE-2012-0393;CVE-2012-0392;CVE-2012-0391;OSVDB-78277;OSVDB-78276;OSVDB-78109;OSVDB-78108
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt
18
reference_url https://github.com/advisories/GHSA-4wrr-9h5r-m92w
reference_id GHSA-4wrr-9h5r-m92w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wrr-9h5r-m92w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-hkjh-35ye-1ugj
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-k6mz-k1yb-4uej
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-q96z-v3bs-k3dg
33
vulnerability VCID-qqm4-frqy-bua5
34
vulnerability VCID-tcaj-6bcg-k7g2
35
vulnerability VCID-tgd1-s1yg-9fdt
36
vulnerability VCID-vgp6-jxqt-pbf4
37
vulnerability VCID-vkb9-11h4-dugp
38
vulnerability VCID-vnkw-9fa2-zqcm
39
vulnerability VCID-xz41-1z86-37ew
40
vulnerability VCID-y5uq-a6dx-3yd4
41
vulnerability VCID-ygbu-vb2t-jqhx
42
vulnerability VCID-zb3c-gnyc-yug8
43
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1
aliases CVE-2012-0391, GHSA-4wrr-9h5r-m92w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmgp-r7hb-5ke1
34
url VCID-q96z-v3bs-k3dg
vulnerability_id VCID-q96z-v3bs-k3dg
summary Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
reference_id
reference_type
scores
0
value 0.07916
scoring_system epss
scoring_elements 0.92054
published_at 2026-04-21T12:55:00Z
1
value 0.07916
scoring_system epss
scoring_elements 0.92003
published_at 2026-04-01T12:55:00Z
2
value 0.07916
scoring_system epss
scoring_elements 0.92011
published_at 2026-04-02T12:55:00Z
3
value 0.07916
scoring_system epss
scoring_elements 0.92019
published_at 2026-04-04T12:55:00Z
4
value 0.07916
scoring_system epss
scoring_elements 0.92024
published_at 2026-04-07T12:55:00Z
5
value 0.07916
scoring_system epss
scoring_elements 0.92037
published_at 2026-04-08T12:55:00Z
6
value 0.07916
scoring_system epss
scoring_elements 0.9204
published_at 2026-04-13T12:55:00Z
7
value 0.07916
scoring_system epss
scoring_elements 0.92043
published_at 2026-04-11T12:55:00Z
8
value 0.07916
scoring_system epss
scoring_elements 0.92044
published_at 2026-04-12T12:55:00Z
9
value 0.07916
scoring_system epss
scoring_elements 0.92059
published_at 2026-04-16T12:55:00Z
10
value 0.07916
scoring_system epss
scoring_elements 0.92056
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
1
reference_url http://secunia.com/advisories/50420
reference_id
reference_type
scores
url http://secunia.com/advisories/50420
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
5
reference_url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
6
reference_url https://issues.apache.org/jira/browse/WW-3860
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3860
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
8
reference_url http://struts.apache.org/2.x/docs/s2-011.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-011.html
9
reference_url http://struts.apache.org/docs/s2-011.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-011.html
10
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/4
11
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/5
12
reference_url http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55346
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
48
reference_url https://github.com/advisories/GHSA-hrgc-54mv-58gv
reference_id GHSA-hrgc-54mv-58gv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrgc-54mv-58gv
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.4.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-gfxq-vtry-bqgg
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-hkjh-35ye-1ugj
27
vulnerability VCID-j5su-cnqd-6yad
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-qqm4-frqy-bua5
33
vulnerability VCID-tcaj-6bcg-k7g2
34
vulnerability VCID-tgd1-s1yg-9fdt
35
vulnerability VCID-vgp6-jxqt-pbf4
36
vulnerability VCID-vkb9-11h4-dugp
37
vulnerability VCID-vnkw-9fa2-zqcm
38
vulnerability VCID-xz41-1z86-37ew
39
vulnerability VCID-y5uq-a6dx-3yd4
40
vulnerability VCID-ygbu-vb2t-jqhx
41
vulnerability VCID-zb3c-gnyc-yug8
42
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1
aliases CVE-2012-4387, GHSA-hrgc-54mv-58gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q96z-v3bs-k3dg
35
url VCID-qqm4-frqy-bua5
vulnerability_id VCID-qqm4-frqy-bua5
summary 
XSS via malicious action parameter
Multiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`.
references
0
reference_url http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6348
reference_id
reference_type
scores
0
value 0.02766
scoring_system epss
scoring_elements 0.86042
published_at 2026-04-21T12:55:00Z
1
value 0.02766
scoring_system epss
scoring_elements 0.8605
published_at 2026-04-18T12:55:00Z
2
value 0.02766
scoring_system epss
scoring_elements 0.86046
published_at 2026-04-16T12:55:00Z
3
value 0.02766
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-13T12:55:00Z
4
value 0.02766
scoring_system epss
scoring_elements 0.86033
published_at 2026-04-12T12:55:00Z
5
value 0.02766
scoring_system epss
scoring_elements 0.8602
published_at 2026-04-09T12:55:00Z
6
value 0.02766
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-08T12:55:00Z
7
value 0.02766
scoring_system epss
scoring_elements 0.85965
published_at 2026-04-01T12:55:00Z
8
value 0.02766
scoring_system epss
scoring_elements 0.85976
published_at 2026-04-02T12:55:00Z
9
value 0.02766
scoring_system epss
scoring_elements 0.86035
published_at 2026-04-11T12:55:00Z
10
value 0.02766
scoring_system epss
scoring_elements 0.85992
published_at 2026-04-04T12:55:00Z
11
value 0.02766
scoring_system epss
scoring_elements 0.85991
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6348
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348
3
reference_url http://seclists.org/fulldisclosure/2013/Oct/244
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Oct/244
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://issues.apache.org/jira/browse/WW-4213
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4213
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6348
7
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6348
8
reference_url https://svn.apache.org/viewvc?view=revision&revision=1533354
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1533354
9
reference_url https://ubuntu.com/security/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/CVE-2013-6348
10
reference_url https://github.com/advisories/GHSA-3g8j-jj54-3vjg
reference_id GHSA-3g8j-jj54-3vjg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3g8j-jj54-3vjg
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16
purl pkg:maven/org.apache.struts/struts2-core@2.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-h4yg-zrv6-aqa1
21
vulnerability VCID-hgj2-vqzn-gyeb
22
vulnerability VCID-j5su-cnqd-6yad
23
vulnerability VCID-kdsa-599r-eud7
24
vulnerability VCID-mdde-pa5h-w7g4
25
vulnerability VCID-me84-wy85-hkf5
26
vulnerability VCID-n2dn-bnjc-13gp
27
vulnerability VCID-tcaj-6bcg-k7g2
28
vulnerability VCID-tgd1-s1yg-9fdt
29
vulnerability VCID-vgp6-jxqt-pbf4
30
vulnerability VCID-y4qu-21c9-6fav
31
vulnerability VCID-y5uq-a6dx-3yd4
32
vulnerability VCID-ygbu-vb2t-jqhx
33
vulnerability VCID-zb3c-gnyc-yug8
34
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16
aliases CVE-2013-6348, GHSA-3g8j-jj54-3vjg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqm4-frqy-bua5
36
url VCID-r28t-sdc5-kbga
vulnerability_id VCID-r28t-sdc5-kbga
summary The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0392
reference_id
reference_type
scores
0
value 0.85099
scoring_system epss
scoring_elements 0.99357
published_at 2026-04-21T12:55:00Z
1
value 0.85099
scoring_system epss
scoring_elements 0.99355
published_at 2026-04-13T12:55:00Z
2
value 0.85099
scoring_system epss
scoring_elements 0.99353
published_at 2026-04-11T12:55:00Z
3
value 0.85099
scoring_system epss
scoring_elements 0.99351
published_at 2026-04-09T12:55:00Z
4
value 0.85099
scoring_system epss
scoring_elements 0.99349
published_at 2026-04-07T12:55:00Z
5
value 0.85099
scoring_system epss
scoring_elements 0.99348
published_at 2026-04-04T12:55:00Z
6
value 0.85099
scoring_system epss
scoring_elements 0.99346
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0392
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
6
reference_url https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
7
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-008.html
8
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/version-notes-2311.html
9
reference_url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
10
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
11
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
reference_id
reference_type
scores
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
12
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/18329
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773162
reference_id 773162
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773162
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0392
reference_id CVE-2012-0392
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0392
15
reference_url https://github.com/advisories/GHSA-2ppp-xj34-vvf7
reference_id GHSA-2ppp-xj34-vvf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ppp-xj34-vvf7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-hkjh-35ye-1ugj
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-k6mz-k1yb-4uej
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-q96z-v3bs-k3dg
33
vulnerability VCID-qqm4-frqy-bua5
34
vulnerability VCID-tcaj-6bcg-k7g2
35
vulnerability VCID-tgd1-s1yg-9fdt
36
vulnerability VCID-vgp6-jxqt-pbf4
37
vulnerability VCID-vkb9-11h4-dugp
38
vulnerability VCID-vnkw-9fa2-zqcm
39
vulnerability VCID-xz41-1z86-37ew
40
vulnerability VCID-y5uq-a6dx-3yd4
41
vulnerability VCID-ygbu-vb2t-jqhx
42
vulnerability VCID-zb3c-gnyc-yug8
43
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1
aliases CVE-2012-0392, GHSA-2ppp-xj34-vvf7
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r28t-sdc5-kbga
37
url VCID-tcaj-6bcg-k7g2
vulnerability_id VCID-tcaj-6bcg-k7g2
summary 
Improper Input Validation
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3090
reference_id
reference_type
scores
0
value 0.02195
scoring_system epss
scoring_elements 0.8433
published_at 2026-04-01T12:55:00Z
1
value 0.02195
scoring_system epss
scoring_elements 0.84365
published_at 2026-04-04T12:55:00Z
2
value 0.02195
scoring_system epss
scoring_elements 0.84345
published_at 2026-04-02T12:55:00Z
3
value 0.02195
scoring_system epss
scoring_elements 0.84427
published_at 2026-04-21T12:55:00Z
4
value 0.02195
scoring_system epss
scoring_elements 0.84425
published_at 2026-04-18T12:55:00Z
5
value 0.02195
scoring_system epss
scoring_elements 0.84402
published_at 2026-04-13T12:55:00Z
6
value 0.02195
scoring_system epss
scoring_elements 0.84406
published_at 2026-04-12T12:55:00Z
7
value 0.02195
scoring_system epss
scoring_elements 0.84412
published_at 2026-04-11T12:55:00Z
8
value 0.02195
scoring_system epss
scoring_elements 0.84395
published_at 2026-04-09T12:55:00Z
9
value 0.02195
scoring_system epss
scoring_elements 0.84389
published_at 2026-04-08T12:55:00Z
10
value 0.02195
scoring_system epss
scoring_elements 0.84367
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3090
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://security.netapp.com/advisory/ntap-20180629-0005
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0005
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0005/
4
reference_url https://struts.apache.org/docs/s2-027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-027.html
5
reference_url https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131
6
reference_url https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267
7
reference_url https://www.securitytracker.com/id/1035267
reference_id
reference_type
scores
url https://www.securitytracker.com/id/1035267
8
reference_url http://www.securityfocus.com/bid/85131
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/85131
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3090
reference_id CVE-2016-3090
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3090
69
reference_url https://github.com/advisories/GHSA-ggmp-fxfg-277r
reference_id GHSA-ggmp-fxfg-277r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggmp-fxfg-277r
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2016-3090, GHSA-ggmp-fxfg-277r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcaj-6bcg-k7g2
38
url VCID-tgd1-s1yg-9fdt
vulnerability_id VCID-tgd1-s1yg-9fdt
summary 
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07712
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07615
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0764
published_at 2026-04-04T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07673
published_at 2026-04-08T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07572
published_at 2026-04-18T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07585
published_at 2026-04-16T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0766
published_at 2026-04-13T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07676
published_at 2026-04-12T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.0769
published_at 2026-04-11T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07598
published_at 2026-04-02T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07691
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-069
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/
url https://cwiki.apache.org/confluence/display/WW/S2-069
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
5
reference_url http://www.openwall.com/lists/oss-security/2026/01/11/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/11/2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id 2428559
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
7
reference_url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
reference_id GHSA-qcfc-hmrc-59x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5-BETA1
purl pkg:maven/org.apache.struts/struts2-core@2.5-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-dk2f-14xj-9bf8
7
vulnerability VCID-gfxq-vtry-bqgg
8
vulnerability VCID-hgj2-vqzn-gyeb
9
vulnerability VCID-y5uq-a6dx-3yd4
10
vulnerability VCID-ygbu-vb2t-jqhx
11
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1
1
url pkg:maven/org.apache.struts/struts2-core@6.1.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1
aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt
39
url VCID-vgp6-jxqt-pbf4
vulnerability_id VCID-vgp6-jxqt-pbf4
summary The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110
1
reference_url http://jvn.jp/en/jp/JVN07710476/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN07710476/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4438
reference_id
reference_type
scores
0
value 0.62087
scoring_system epss
scoring_elements 0.98351
published_at 2026-04-21T12:55:00Z
1
value 0.62087
scoring_system epss
scoring_elements 0.98334
published_at 2026-04-01T12:55:00Z
2
value 0.62087
scoring_system epss
scoring_elements 0.98336
published_at 2026-04-02T12:55:00Z
3
value 0.62087
scoring_system epss
scoring_elements 0.98339
published_at 2026-04-04T12:55:00Z
4
value 0.62087
scoring_system epss
scoring_elements 0.98341
published_at 2026-04-07T12:55:00Z
5
value 0.62087
scoring_system epss
scoring_elements 0.98346
published_at 2026-04-08T12:55:00Z
6
value 0.62087
scoring_system epss
scoring_elements 0.98347
published_at 2026-04-09T12:55:00Z
7
value 0.62087
scoring_system epss
scoring_elements 0.98349
published_at 2026-04-11T12:55:00Z
8
value 0.62087
scoring_system epss
scoring_elements 0.9835
published_at 2026-04-13T12:55:00Z
9
value 0.62087
scoring_system epss
scoring_elements 0.98353
published_at 2026-04-16T12:55:00Z
10
value 0.62087
scoring_system epss
scoring_elements 0.98352
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4438
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348238
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1348238
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c
8
reference_url https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d
9
reference_url https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c
10
reference_url https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b
11
reference_url https://struts.apache.org/docs/s2-037.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-037.html
12
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
13
reference_url http://www.securityfocus.com/bid/91275
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91275
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4438
reference_id CVE-2016-4438
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4438
22
reference_url https://github.com/advisories/GHSA-4prj-vw9j-v6pr
reference_id GHSA-4prj-vw9j-v6pr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4prj-vw9j-v6pr
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.29
purl pkg:maven/org.apache.struts/struts2-core@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-95ts-vpk6-uubg
7
vulnerability VCID-b7zy-qhz9-tuar
8
vulnerability VCID-bgbt-j1n9-6yg5
9
vulnerability VCID-cm62-bsdz-yye2
10
vulnerability VCID-dk2f-14xj-9bf8
11
vulnerability VCID-gfxq-vtry-bqgg
12
vulnerability VCID-hgj2-vqzn-gyeb
13
vulnerability VCID-mdde-pa5h-w7g4
14
vulnerability VCID-tgd1-s1yg-9fdt
15
vulnerability VCID-y4qu-21c9-6fav
16
vulnerability VCID-y5uq-a6dx-3yd4
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29
aliases CVE-2016-4438, GHSA-4prj-vw9j-v6pr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgp6-jxqt-pbf4
40
url VCID-vkb9-11h4-dugp
vulnerability_id VCID-vkb9-11h4-dugp
summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
reference_id
reference_type
scores
0
value 0.91096
scoring_system epss
scoring_elements 0.99642
published_at 2026-04-07T12:55:00Z
1
value 0.91096
scoring_system epss
scoring_elements 0.99647
published_at 2026-04-21T12:55:00Z
2
value 0.91096
scoring_system epss
scoring_elements 0.99641
published_at 2026-04-04T12:55:00Z
3
value 0.91096
scoring_system epss
scoring_elements 0.99643
published_at 2026-04-12T12:55:00Z
4
value 0.91096
scoring_system epss
scoring_elements 0.9964
published_at 2026-04-02T12:55:00Z
5
value 0.91096
scoring_system epss
scoring_elements 0.99646
published_at 2026-04-18T12:55:00Z
6
value 0.91096
scoring_system epss
scoring_elements 0.99644
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
6
reference_url http://struts.apache.org/development/2.x/docs/s2-013.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-013.html
7
reference_url http://struts.apache.org/docs/s2-013.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-013.html
8
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
9
reference_url http://www.securityfocus.com/bid/60166
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60166
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
reference_id CVE-2013-1966
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
reference_id CVE-2013-2115;OSVDB-93645;CVE-2013-1966
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
13
reference_url https://github.com/advisories/GHSA-737w-mh58-cxjp
reference_id GHSA-737w-mh58-cxjp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-737w-mh58-cxjp
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-74ab-1p1c-4qbd
10
vulnerability VCID-759g-hsfg-97f8
11
vulnerability VCID-79j9-v8gz-rfax
12
vulnerability VCID-7c97-nj5a-hqb8
13
vulnerability VCID-87fh-rvvb-6ubq
14
vulnerability VCID-8bsh-bshc-vkgq
15
vulnerability VCID-8mws-fbmg-cqa9
16
vulnerability VCID-95ts-vpk6-uubg
17
vulnerability VCID-at5c-f8p8-67fh
18
vulnerability VCID-b59n-uxft-4qgz
19
vulnerability VCID-b7zy-qhz9-tuar
20
vulnerability VCID-bgbt-j1n9-6yg5
21
vulnerability VCID-cm62-bsdz-yye2
22
vulnerability VCID-dk2f-14xj-9bf8
23
vulnerability VCID-gfxq-vtry-bqgg
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-kdsa-599r-eud7
28
vulnerability VCID-mdde-pa5h-w7g4
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-qqm4-frqy-bua5
33
vulnerability VCID-tcaj-6bcg-k7g2
34
vulnerability VCID-tgd1-s1yg-9fdt
35
vulnerability VCID-vgp6-jxqt-pbf4
36
vulnerability VCID-vnkw-9fa2-zqcm
37
vulnerability VCID-xz41-1z86-37ew
38
vulnerability VCID-y4qu-21c9-6fav
39
vulnerability VCID-y5uq-a6dx-3yd4
40
vulnerability VCID-ygbu-vb2t-jqhx
41
vulnerability VCID-zb3c-gnyc-yug8
42
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2
aliases CVE-2013-1966, GHSA-737w-mh58-cxjp
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb9-11h4-dugp
41
url VCID-vnkw-9fa2-zqcm
vulnerability_id VCID-vnkw-9fa2-zqcm
summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
reference_id
reference_type
scores
0
value 0.83013
scoring_system epss
scoring_elements 0.99247
published_at 2026-04-02T12:55:00Z
1
value 0.83013
scoring_system epss
scoring_elements 0.99258
published_at 2026-04-21T12:55:00Z
2
value 0.83013
scoring_system epss
scoring_elements 0.99257
published_at 2026-04-18T12:55:00Z
3
value 0.83013
scoring_system epss
scoring_elements 0.99256
published_at 2026-04-12T12:55:00Z
4
value 0.83013
scoring_system epss
scoring_elements 0.99255
published_at 2026-04-13T12:55:00Z
5
value 0.83013
scoring_system epss
scoring_elements 0.99254
published_at 2026-04-08T12:55:00Z
6
value 0.83013
scoring_system epss
scoring_elements 0.99253
published_at 2026-04-07T12:55:00Z
7
value 0.83013
scoring_system epss
scoring_elements 0.9925
published_at 2026-04-04T12:55:00Z
8
value 0.83013
scoring_system epss
scoring_elements 0.99245
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
5
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
6
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
7
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
9
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
10
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
12
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
14
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
15
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
16
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
17
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
18
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
19
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
20
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
21
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
22
reference_url http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64758
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
reference_id CVE-2013-2135
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
25
reference_url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
reference_id GHSA-pw8r-x2qm-3h5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-7c97-nj5a-hqb8
12
vulnerability VCID-87fh-rvvb-6ubq
13
vulnerability VCID-8bsh-bshc-vkgq
14
vulnerability VCID-8mws-fbmg-cqa9
15
vulnerability VCID-95ts-vpk6-uubg
16
vulnerability VCID-at5c-f8p8-67fh
17
vulnerability VCID-b59n-uxft-4qgz
18
vulnerability VCID-b7zy-qhz9-tuar
19
vulnerability VCID-bgbt-j1n9-6yg5
20
vulnerability VCID-cm62-bsdz-yye2
21
vulnerability VCID-dk2f-14xj-9bf8
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-j5su-cnqd-6yad
26
vulnerability VCID-kdsa-599r-eud7
27
vulnerability VCID-mdde-pa5h-w7g4
28
vulnerability VCID-me84-wy85-hkf5
29
vulnerability VCID-n2dn-bnjc-13gp
30
vulnerability VCID-qqm4-frqy-bua5
31
vulnerability VCID-tcaj-6bcg-k7g2
32
vulnerability VCID-tgd1-s1yg-9fdt
33
vulnerability VCID-vgp6-jxqt-pbf4
34
vulnerability VCID-xz41-1z86-37ew
35
vulnerability VCID-y4qu-21c9-6fav
36
vulnerability VCID-y5uq-a6dx-3yd4
37
vulnerability VCID-ygbu-vb2t-jqhx
38
vulnerability VCID-zb3c-gnyc-yug8
39
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3
aliases CVE-2013-2135, GHSA-pw8r-x2qm-3h5m
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkw-9fa2-zqcm
42
url VCID-x65e-31g3-77bp
vulnerability_id VCID-x65e-31g3-77bp
summary 
Multiple XSS flaws in XWork
Multiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an s:submit element, or the method attribute of an `s:submit` element.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106
1
reference_url http://jvn.jp/en/jp/JVN25435092/index.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN25435092/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1772
reference_id
reference_type
scores
0
value 0.59227
scoring_system epss
scoring_elements 0.98242
published_at 2026-04-21T12:55:00Z
1
value 0.59227
scoring_system epss
scoring_elements 0.98228
published_at 2026-04-04T12:55:00Z
2
value 0.59227
scoring_system epss
scoring_elements 0.98244
published_at 2026-04-18T12:55:00Z
3
value 0.59227
scoring_system epss
scoring_elements 0.98229
published_at 2026-04-07T12:55:00Z
4
value 0.59227
scoring_system epss
scoring_elements 0.98225
published_at 2026-04-02T12:55:00Z
5
value 0.59227
scoring_system epss
scoring_elements 0.98237
published_at 2026-04-13T12:55:00Z
6
value 0.59227
scoring_system epss
scoring_elements 0.98234
published_at 2026-04-09T12:55:00Z
7
value 0.59227
scoring_system epss
scoring_elements 0.98223
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1772
4
reference_url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
5
reference_url http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
reference_id
reference_type
scores
url http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://issues.apache.org/jira/browse/WW-3579
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3579
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1772
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:P/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1772
9
reference_url http://struts.apache.org/2.2.3/docs/version-notes-223.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.2.3/docs/version-notes-223.html
10
reference_url http://struts.apache.org/2.x/docs/s2-006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-006.html
11
reference_url http://struts.apache.org/docs/s2-006.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-006.html
12
reference_url http://www.securityfocus.com/bid/47784
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/47784
13
reference_url http://www.ventuneac.net/security-advisories/MVSA-11-006
reference_id
reference_type
scores
url http://www.ventuneac.net/security-advisories/MVSA-11-006
14
reference_url http://www.vupen.com/english/advisories/2011/1198
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/1198
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=723827
reference_id 723827
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=723827
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*
46
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt
reference_id CVE-2011-1772;OSVDB-72238
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt
47
reference_url https://www.securityfocus.com/bid/47784/info
reference_id CVE-2011-1772;OSVDB-72238
reference_type exploit
scores
url https://www.securityfocus.com/bid/47784/info
48
reference_url https://github.com/advisories/GHSA-56f8-g68r-j699
reference_id GHSA-56f8-g68r-j699
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56f8-g68r-j699
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3
purl pkg:maven/org.apache.struts/struts2-core@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-gv5f-auvz-5fda
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-hkjh-35ye-1ugj
27
vulnerability VCID-j5su-cnqd-6yad
28
vulnerability VCID-k6mz-k1yb-4uej
29
vulnerability VCID-kdsa-599r-eud7
30
vulnerability VCID-me84-wy85-hkf5
31
vulnerability VCID-n2dn-bnjc-13gp
32
vulnerability VCID-n4fb-crnk-eugz
33
vulnerability VCID-nmgp-r7hb-5ke1
34
vulnerability VCID-q96z-v3bs-k3dg
35
vulnerability VCID-qqm4-frqy-bua5
36
vulnerability VCID-r28t-sdc5-kbga
37
vulnerability VCID-tcaj-6bcg-k7g2
38
vulnerability VCID-tgd1-s1yg-9fdt
39
vulnerability VCID-vgp6-jxqt-pbf4
40
vulnerability VCID-vkb9-11h4-dugp
41
vulnerability VCID-vnkw-9fa2-zqcm
42
vulnerability VCID-xz41-1z86-37ew
43
vulnerability VCID-y5uq-a6dx-3yd4
44
vulnerability VCID-ygbu-vb2t-jqhx
45
vulnerability VCID-z1gf-169n-m3af
46
vulnerability VCID-zb3c-gnyc-yug8
47
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3
aliases CVE-2011-1772, GHSA-56f8-g68r-j699
risk_score 5.4
exploitability 2.0
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x65e-31g3-77bp
43
url VCID-xz41-1z86-37ew
vulnerability_id VCID-xz41-1z86-37ew
summary
references
0
reference_url http://archiva.apache.org/security.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://archiva.apache.org/security.html
1
reference_url http://cxsecurity.com/issue/WLB-2014010087
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://cxsecurity.com/issue/WLB-2014010087
2
reference_url http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2251
reference_id
reference_type
scores
0
value 0.94325
scoring_system epss
scoring_elements 0.99952
published_at 2026-04-18T12:55:00Z
1
value 0.94325
scoring_system epss
scoring_elements 0.99951
published_at 2026-04-21T12:55:00Z
2
value 0.94328
scoring_system epss
scoring_elements 0.99952
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2251
4
reference_url http://seclists.org/fulldisclosure/2013/Oct/96
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://seclists.org/fulldisclosure/2013/Oct/96
5
reference_url http://seclists.org/oss-sec/2014/q1/89
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://seclists.org/oss-sec/2014/q1/89
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90392
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90392
7
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
8
reference_url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
9
reference_url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
10
reference_url https://issues.apache.org/jira/browse/WW-4140
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4140
11
reference_url http://struts.apache.org/release/2.3.x/docs/s2-016.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://struts.apache.org/release/2.3.x/docs/s2-016.html
12
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251
13
reference_url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
14
reference_url http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
15
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
16
reference_url http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
17
reference_url http://www.securitytracker.com/id/1032916
reference_id 1032916
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://www.securitytracker.com/id/1032916
18
reference_url http://www.securityfocus.com/bid/61189
reference_id 61189
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://www.securityfocus.com/bid/61189
19
reference_url http://osvdb.org/98445
reference_id 98445
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/
url http://osvdb.org/98445
20
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt
reference_id CVE-2013-2251
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2251
reference_id CVE-2013-2251
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2251
22
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb
reference_id CVE-2013-2251;OSVDB-95405
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb
23
reference_url https://github.com/advisories/GHSA-47qp-8v9g-39hp
reference_id GHSA-47qp-8v9g-39hp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47qp-8v9g-39hp
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-6t1x-s2k2-b7bq
8
vulnerability VCID-74ab-1p1c-4qbd
9
vulnerability VCID-79j9-v8gz-rfax
10
vulnerability VCID-7c97-nj5a-hqb8
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-gfxq-vtry-bqgg
22
vulnerability VCID-h4yg-zrv6-aqa1
23
vulnerability VCID-hgj2-vqzn-gyeb
24
vulnerability VCID-j5su-cnqd-6yad
25
vulnerability VCID-kdsa-599r-eud7
26
vulnerability VCID-mdde-pa5h-w7g4
27
vulnerability VCID-me84-wy85-hkf5
28
vulnerability VCID-n2dn-bnjc-13gp
29
vulnerability VCID-qqm4-frqy-bua5
30
vulnerability VCID-tcaj-6bcg-k7g2
31
vulnerability VCID-tgd1-s1yg-9fdt
32
vulnerability VCID-vgp6-jxqt-pbf4
33
vulnerability VCID-y4qu-21c9-6fav
34
vulnerability VCID-y5uq-a6dx-3yd4
35
vulnerability VCID-ygbu-vb2t-jqhx
36
vulnerability VCID-zb3c-gnyc-yug8
37
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1
aliases CVE-2013-2251, GHSA-47qp-8v9g-39hp
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xz41-1z86-37ew
44
url VCID-y5uq-a6dx-3yd4
vulnerability_id VCID-y5uq-a6dx-3yd4
summary 
Unrestricted Upload of File with Dangerous Type
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1592
reference_id
reference_type
scores
0
value 0.00588
scoring_system epss
scoring_elements 0.69178
published_at 2026-04-18T12:55:00Z
1
value 0.00588
scoring_system epss
scoring_elements 0.69066
published_at 2026-04-01T12:55:00Z
2
value 0.00588
scoring_system epss
scoring_elements 0.69158
published_at 2026-04-21T12:55:00Z
3
value 0.00588
scoring_system epss
scoring_elements 0.69135
published_at 2026-04-08T12:55:00Z
4
value 0.00588
scoring_system epss
scoring_elements 0.69085
published_at 2026-04-07T12:55:00Z
5
value 0.00588
scoring_system epss
scoring_elements 0.69104
published_at 2026-04-04T12:55:00Z
6
value 0.00588
scoring_system epss
scoring_elements 0.69082
published_at 2026-04-02T12:55:00Z
7
value 0.00588
scoring_system epss
scoring_elements 0.6917
published_at 2026-04-16T12:55:00Z
8
value 0.00588
scoring_system epss
scoring_elements 0.69131
published_at 2026-04-13T12:55:00Z
9
value 0.00588
scoring_system epss
scoring_elements 0.6916
published_at 2026-04-12T12:55:00Z
10
value 0.00588
scoring_system epss
scoring_elements 0.69176
published_at 2026-04-11T12:55:00Z
11
value 0.00588
scoring_system epss
scoring_elements 0.69154
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1592
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76
4
reference_url https://issues.apache.org/jira/browse/WW-5055
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-5055
5
reference_url https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E
11
reference_url https://seclists.org/bugtraq/2012/Mar/110
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2012/Mar/110
12
reference_url https://struts.apache.org/security/#internal-security-mechanism
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/security/#internal-security-mechanism
13
reference_url https://www.openwall.com/lists/oss-security/2012/03/28/12
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2012/03/28/12
14
reference_url http://www.openwall.com/lists/oss-security/2012/03/28/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/03/28/12
15
reference_url https://access.redhat.com/security/cve/cve-2012-1592
reference_id CVE-2012-1592
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2012-1592
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1592
reference_id CVE-2012-1592
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1592
17
reference_url https://security-tracker.debian.org/tracker/CVE-2012-1592
reference_id CVE-2012-1592
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2012-1592
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml
reference_id CVE-2012-1592;OSVDB-80547
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml
19
reference_url https://www.securityfocus.com/bid/52702/info
reference_id CVE-2012-1592;OSVDB-80547
reference_type exploit
scores
url https://www.securityfocus.com/bid/52702/info
20
reference_url https://github.com/advisories/GHSA-8m5q-crqq-6pmf
reference_id GHSA-8m5q-crqq-6pmf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8m5q-crqq-6pmf
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.22
purl pkg:maven/org.apache.struts/struts2-core@2.5.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-87fh-rvvb-6ubq
2
vulnerability VCID-95ts-vpk6-uubg
3
vulnerability VCID-b7zy-qhz9-tuar
4
vulnerability VCID-dk2f-14xj-9bf8
5
vulnerability VCID-gfxq-vtry-bqgg
6
vulnerability VCID-hgj2-vqzn-gyeb
7
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22
aliases CVE-2012-1592, GHSA-8m5q-crqq-6pmf
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uq-a6dx-3yd4
45
url VCID-ygbu-vb2t-jqhx
vulnerability_id VCID-ygbu-vb2t-jqhx
summary Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4436
reference_id
reference_type
scores
0
value 0.05743
scoring_system epss
scoring_elements 0.90416
published_at 2026-04-02T12:55:00Z
1
value 0.05743
scoring_system epss
scoring_elements 0.90428
published_at 2026-04-04T12:55:00Z
2
value 0.05743
scoring_system epss
scoring_elements 0.90413
published_at 2026-04-01T12:55:00Z
3
value 0.05743
scoring_system epss
scoring_elements 0.90465
published_at 2026-04-21T12:55:00Z
4
value 0.05743
scoring_system epss
scoring_elements 0.90467
published_at 2026-04-18T12:55:00Z
5
value 0.05743
scoring_system epss
scoring_elements 0.90468
published_at 2026-04-16T12:55:00Z
6
value 0.05743
scoring_system epss
scoring_elements 0.9046
published_at 2026-04-12T12:55:00Z
7
value 0.05743
scoring_system epss
scoring_elements 0.90461
published_at 2026-04-11T12:55:00Z
8
value 0.05743
scoring_system epss
scoring_elements 0.90453
published_at 2026-04-13T12:55:00Z
9
value 0.05743
scoring_system epss
scoring_elements 0.90447
published_at 2026-04-08T12:55:00Z
10
value 0.05743
scoring_system epss
scoring_elements 0.90433
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4436
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5
4
reference_url https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4436
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4436
6
reference_url https://struts.apache.org/docs/s2-035.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-035.html
7
reference_url https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280
8
reference_url https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/
reference_id
reference_type
scores
url https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/
9
reference_url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
10
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
11
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348233
reference_id 1348233
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1348233
13
reference_url https://github.com/advisories/GHSA-xm92-v2mq-842q
reference_id GHSA-xm92-v2mq-842q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xm92-v2mq-842q
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.29
purl pkg:maven/org.apache.struts/struts2-core@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-95ts-vpk6-uubg
7
vulnerability VCID-b7zy-qhz9-tuar
8
vulnerability VCID-bgbt-j1n9-6yg5
9
vulnerability VCID-cm62-bsdz-yye2
10
vulnerability VCID-dk2f-14xj-9bf8
11
vulnerability VCID-gfxq-vtry-bqgg
12
vulnerability VCID-hgj2-vqzn-gyeb
13
vulnerability VCID-mdde-pa5h-w7g4
14
vulnerability VCID-tgd1-s1yg-9fdt
15
vulnerability VCID-y4qu-21c9-6fav
16
vulnerability VCID-y5uq-a6dx-3yd4
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29
1
url pkg:maven/org.apache.struts/struts2-core@2.5.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-tgd1-s1yg-9fdt
16
vulnerability VCID-y4qu-21c9-6fav
17
vulnerability VCID-y5uq-a6dx-3yd4
18
vulnerability VCID-zkg1-bed6-bbfv
19
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
aliases CVE-2016-4436, GHSA-xm92-v2mq-842q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygbu-vb2t-jqhx
46
url VCID-z1gf-169n-m3af
vulnerability_id VCID-z1gf-169n-m3af
summary Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
1
reference_url http://jvn.jp/en/jp/JVN79099262/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN79099262/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
reference_id
reference_type
scores
0
value 0.11109
scoring_system epss
scoring_elements 0.93486
published_at 2026-04-18T12:55:00Z
1
value 0.11109
scoring_system epss
scoring_elements 0.93481
published_at 2026-04-16T12:55:00Z
2
value 0.11109
scoring_system epss
scoring_elements 0.93461
published_at 2026-04-13T12:55:00Z
3
value 0.11109
scoring_system epss
scoring_elements 0.9346
published_at 2026-04-12T12:55:00Z
4
value 0.11109
scoring_system epss
scoring_elements 0.93455
published_at 2026-04-09T12:55:00Z
5
value 0.11109
scoring_system epss
scoring_elements 0.93451
published_at 2026-04-08T12:55:00Z
6
value 0.11109
scoring_system epss
scoring_elements 0.93492
published_at 2026-04-21T12:55:00Z
7
value 0.11109
scoring_system epss
scoring_elements 0.93443
published_at 2026-04-07T12:55:00Z
8
value 0.13997
scoring_system epss
scoring_elements 0.94304
published_at 2026-04-02T12:55:00Z
9
value 0.13997
scoring_system epss
scoring_elements 0.94295
published_at 2026-04-01T12:55:00Z
10
value 0.13997
scoring_system epss
scoring_elements 0.94315
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
6
reference_url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
7
reference_url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
8
reference_url https://issues.apache.org/jira/browse/WW-3668
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3668
9
reference_url http://struts.apache.org/2.3.1.2/docs/s2-007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.3.1.2/docs/s2-007.html
10
reference_url http://struts.apache.org/docs/s2-007.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-007.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799980
reference_id 799980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=799980
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
reference_id CVE-2012-0838
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
13
reference_url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
reference_id GHSA-mwrx-hx6x-3hhv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-h4yg-zrv6-aqa1
24
vulnerability VCID-hgj2-vqzn-gyeb
25
vulnerability VCID-hkjh-35ye-1ugj
26
vulnerability VCID-j5su-cnqd-6yad
27
vulnerability VCID-k6mz-k1yb-4uej
28
vulnerability VCID-kdsa-599r-eud7
29
vulnerability VCID-me84-wy85-hkf5
30
vulnerability VCID-n2dn-bnjc-13gp
31
vulnerability VCID-n4fb-crnk-eugz
32
vulnerability VCID-q96z-v3bs-k3dg
33
vulnerability VCID-qqm4-frqy-bua5
34
vulnerability VCID-tcaj-6bcg-k7g2
35
vulnerability VCID-tgd1-s1yg-9fdt
36
vulnerability VCID-vgp6-jxqt-pbf4
37
vulnerability VCID-vkb9-11h4-dugp
38
vulnerability VCID-vnkw-9fa2-zqcm
39
vulnerability VCID-xz41-1z86-37ew
40
vulnerability VCID-y5uq-a6dx-3yd4
41
vulnerability VCID-ygbu-vb2t-jqhx
42
vulnerability VCID-zb3c-gnyc-yug8
43
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1
aliases CVE-2012-0838, GHSA-mwrx-hx6x-3hhv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gf-169n-m3af
47
url VCID-zb3c-gnyc-yug8
vulnerability_id VCID-zb3c-gnyc-yug8
summary CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0116
reference_id
reference_type
scores
0
value 0.02831
scoring_system epss
scoring_elements 0.86193
published_at 2026-04-21T12:55:00Z
1
value 0.02831
scoring_system epss
scoring_elements 0.86171
published_at 2026-04-09T12:55:00Z
2
value 0.02831
scoring_system epss
scoring_elements 0.86186
published_at 2026-04-11T12:55:00Z
3
value 0.02831
scoring_system epss
scoring_elements 0.86183
published_at 2026-04-12T12:55:00Z
4
value 0.02831
scoring_system epss
scoring_elements 0.86179
published_at 2026-04-13T12:55:00Z
5
value 0.02831
scoring_system epss
scoring_elements 0.86196
published_at 2026-04-16T12:55:00Z
6
value 0.02831
scoring_system epss
scoring_elements 0.86202
published_at 2026-04-18T12:55:00Z
7
value 0.02831
scoring_system epss
scoring_elements 0.86114
published_at 2026-04-01T12:55:00Z
8
value 0.02831
scoring_system epss
scoring_elements 0.86124
published_at 2026-04-02T12:55:00Z
9
value 0.02831
scoring_system epss
scoring_elements 0.8614
published_at 2026-04-07T12:55:00Z
10
value 0.02831
scoring_system epss
scoring_elements 0.86159
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0116
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02
4
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0116
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0116
6
reference_url http://struts.apache.org/docs/s2-022.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-022.html
7
reference_url http://struts.apache.org/release/2.3.x/docs/s2-022.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-022.html
8
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116
9
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1094558
reference_id 1094558
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1094558
11
reference_url https://github.com/advisories/GHSA-hmhq-382q-mp56
reference_id GHSA-hmhq-382q-mp56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmhq-382q-mp56
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6hrc-fm64-ckhf
7
vulnerability VCID-74ab-1p1c-4qbd
8
vulnerability VCID-79j9-v8gz-rfax
9
vulnerability VCID-7c97-nj5a-hqb8
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-8mws-fbmg-cqa9
13
vulnerability VCID-95ts-vpk6-uubg
14
vulnerability VCID-at5c-f8p8-67fh
15
vulnerability VCID-b7zy-qhz9-tuar
16
vulnerability VCID-bgbt-j1n9-6yg5
17
vulnerability VCID-cm62-bsdz-yye2
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-me84-wy85-hkf5
24
vulnerability VCID-tcaj-6bcg-k7g2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0116, GHSA-hmhq-382q-mp56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb3c-gnyc-yug8
48
url VCID-zxww-8kb3-tufv
vulnerability_id VCID-zxww-8kb3-tufv
summary 
Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0233
reference_id
reference_type
scores
0
value 0.0778
scoring_system epss
scoring_elements 0.91976
published_at 2026-04-21T12:55:00Z
1
value 0.0778
scoring_system epss
scoring_elements 0.91924
published_at 2026-04-01T12:55:00Z
2
value 0.0778
scoring_system epss
scoring_elements 0.91932
published_at 2026-04-02T12:55:00Z
3
value 0.0778
scoring_system epss
scoring_elements 0.9194
published_at 2026-04-04T12:55:00Z
4
value 0.0778
scoring_system epss
scoring_elements 0.91946
published_at 2026-04-07T12:55:00Z
5
value 0.0778
scoring_system epss
scoring_elements 0.91959
published_at 2026-04-08T12:55:00Z
6
value 0.0778
scoring_system epss
scoring_elements 0.91964
published_at 2026-04-09T12:55:00Z
7
value 0.0778
scoring_system epss
scoring_elements 0.91967
published_at 2026-04-11T12:55:00Z
8
value 0.0778
scoring_system epss
scoring_elements 0.91966
published_at 2026-04-12T12:55:00Z
9
value 0.0778
scoring_system epss
scoring_elements 0.91963
published_at 2026-04-13T12:55:00Z
10
value 0.0778
scoring_system epss
scoring_elements 0.91982
published_at 2026-04-16T12:55:00Z
11
value 0.0778
scoring_system epss
scoring_elements 0.91979
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0233
2
reference_url https://cwiki.apache.org/confluence/display/ww/s2-060
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/ww/s2-060
3
reference_url https://launchpad.support.sap.com/#/notes/2982840
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.support.sap.com/#/notes/2982840
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0233
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0233
5
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869682
reference_id 1869682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869682
9
reference_url https://github.com/advisories/GHSA-ccp5-gg58-pxfm
reference_id GHSA-ccp5-gg58-pxfm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ccp5-gg58-pxfm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.22
purl pkg:maven/org.apache.struts/struts2-core@2.5.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-87fh-rvvb-6ubq
2
vulnerability VCID-95ts-vpk6-uubg
3
vulnerability VCID-b7zy-qhz9-tuar
4
vulnerability VCID-dk2f-14xj-9bf8
5
vulnerability VCID-gfxq-vtry-bqgg
6
vulnerability VCID-hgj2-vqzn-gyeb
7
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22
aliases CVE-2019-0233, GHSA-ccp5-gg58-pxfm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxww-8kb3-tufv
Fixing_vulnerabilities
0
url VCID-evh9-mua1-2bem
vulnerability_id VCID-evh9-mua1-2bem
summary 
XWork ParameterInterceptors bypass allows remote command execution
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
references
0
reference_url http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
1
reference_url http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16
2
reference_url http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-1870
reference_id
reference_type
scores
0
value 0.92533
scoring_system epss
scoring_elements 0.99736
published_at 2026-04-04T12:55:00Z
1
value 0.92533
scoring_system epss
scoring_elements 0.9974
published_at 2026-04-21T12:55:00Z
2
value 0.92533
scoring_system epss
scoring_elements 0.99739
published_at 2026-04-18T12:55:00Z
3
value 0.92533
scoring_system epss
scoring_elements 0.99738
published_at 2026-04-13T12:55:00Z
4
value 0.92533
scoring_system epss
scoring_elements 0.99735
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-1870
5
reference_url https://cwiki.apache.org/confluence/display/WW/S2-003
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-003
6
reference_url http://seclists.org/fulldisclosure/2010/Jul/183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2010/Jul/183
7
reference_url http://seclists.org/fulldisclosure/2020/Oct/23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2020/Oct/23
8
reference_url http://secunia.com/advisories/59110
reference_id
reference_type
scores
url http://secunia.com/advisories/59110
9
reference_url http://securityreason.com/securityalert/8345
reference_id
reference_type
scores
url http://securityreason.com/securityalert/8345
10
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-1870
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-1870
12
reference_url http://struts.apache.org/2.2.1/docs/s2-005.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.2.1/docs/s2-005.html
13
reference_url http://struts.apache.org/docs/s2-005.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-005.html
14
reference_url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
15
reference_url http://www.exploit-db.com/exploits/14360
reference_id
reference_type
scores
url http://www.exploit-db.com/exploits/14360
16
reference_url http://www.osvdb.org/66280
reference_id
reference_type
scores
url http://www.osvdb.org/66280
17
reference_url http://www.securityfocus.com/bid/41592
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/41592
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1123727
reference_id 1123727
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1123727
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
45
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt
reference_id CVE-2010-1870;OSVDB-66280
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt
46
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb
reference_id CVE-2010-1870;OSVDB-66280
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb
47
reference_url https://github.com/advisories/GHSA-x5fc-pgpx-59j5
reference_id GHSA-x5fc-pgpx-59j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5fc-pgpx-59j5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-2v7h-fght-cugn
3
vulnerability VCID-3yq7-n972-j7dh
4
vulnerability VCID-4agy-6nsx-7ufh
5
vulnerability VCID-579w-2k2v-efa2
6
vulnerability VCID-6241-shkt-s7ew
7
vulnerability VCID-6hrc-fm64-ckhf
8
vulnerability VCID-6t1x-s2k2-b7bq
9
vulnerability VCID-759g-hsfg-97f8
10
vulnerability VCID-79j9-v8gz-rfax
11
vulnerability VCID-87fh-rvvb-6ubq
12
vulnerability VCID-8bsh-bshc-vkgq
13
vulnerability VCID-8mws-fbmg-cqa9
14
vulnerability VCID-95ts-vpk6-uubg
15
vulnerability VCID-at5c-f8p8-67fh
16
vulnerability VCID-b59n-uxft-4qgz
17
vulnerability VCID-b7zy-qhz9-tuar
18
vulnerability VCID-bgbt-j1n9-6yg5
19
vulnerability VCID-cm62-bsdz-yye2
20
vulnerability VCID-dk2f-14xj-9bf8
21
vulnerability VCID-fv6w-cdtc-kkhx
22
vulnerability VCID-gfxq-vtry-bqgg
23
vulnerability VCID-gv5f-auvz-5fda
24
vulnerability VCID-h4yg-zrv6-aqa1
25
vulnerability VCID-hgj2-vqzn-gyeb
26
vulnerability VCID-hkjh-35ye-1ugj
27
vulnerability VCID-j5su-cnqd-6yad
28
vulnerability VCID-k6mz-k1yb-4uej
29
vulnerability VCID-kdsa-599r-eud7
30
vulnerability VCID-me84-wy85-hkf5
31
vulnerability VCID-n2dn-bnjc-13gp
32
vulnerability VCID-n4fb-crnk-eugz
33
vulnerability VCID-nmgp-r7hb-5ke1
34
vulnerability VCID-q96z-v3bs-k3dg
35
vulnerability VCID-qqm4-frqy-bua5
36
vulnerability VCID-r28t-sdc5-kbga
37
vulnerability VCID-tcaj-6bcg-k7g2
38
vulnerability VCID-tgd1-s1yg-9fdt
39
vulnerability VCID-vgp6-jxqt-pbf4
40
vulnerability VCID-vkb9-11h4-dugp
41
vulnerability VCID-vnkw-9fa2-zqcm
42
vulnerability VCID-x65e-31g3-77bp
43
vulnerability VCID-xz41-1z86-37ew
44
vulnerability VCID-y5uq-a6dx-3yd4
45
vulnerability VCID-ygbu-vb2t-jqhx
46
vulnerability VCID-z1gf-169n-m3af
47
vulnerability VCID-zb3c-gnyc-yug8
48
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1
aliases CVE-2010-1870, GHSA-x5fc-pgpx-59j5
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh9-mua1-2bem
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1