Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-031.html

reference_url	https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-031.html

reference_url	http://www.securityfocus.com/bid/88826
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/88826

reference_url	http://www.securitytracker.com/id/1035664
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035664

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3082

reference_id

CVE-2016-3082

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3082

reference_url

https://github.com/advisories/GHSA-pvm9-288c-v5wq

reference_id

GHSA-pvm9-288c-v5wq

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvm9-288c-v5wq

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1

aliases CVE-2016-3082, GHSA-pvm9-288c-v5wq

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rjv-1thm-dugt

url VCID-2v7h-fght-cugn

vulnerability_id VCID-2v7h-fght-cugn

summary Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.

references

reference_url	http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
reference_id
reference_type
scores
url	http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html

reference_url

http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7809

reference_id

reference_type

scores

value	0.07545
scoring_system	epss
scoring_elements	0.91839
published_at	2026-04-21T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.9179
published_at	2026-04-02T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91795
published_at	2026-04-04T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91804
published_at	2026-04-07T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91817
published_at	2026-04-08T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91823
published_at	2026-04-09T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91826
published_at	2026-04-11T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91828
published_at	2026-04-12T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91824
published_at	2026-04-13T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91845
published_at	2026-04-16T12:55:00Z

value	0.07545
scoring_system	epss
scoring_elements	0.91781
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7809

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7809

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7809

reference_url

http://struts.apache.org/docs/s2-023.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-023.html

reference_url

https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309

reference_url

https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548

reference_url

https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

reference_url	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

reference_url	http://www.securityfocus.com/archive/1/534175/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/534175/100/0/threaded

reference_url	http://www.securityfocus.com/bid/71548
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/71548

reference_url	http://www.securitytracker.com/id/1031309
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1031309

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1172133
reference_id	1172133
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1172133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url

https://github.com/advisories/GHSA-h4v9-jf2r-9h6m

reference_id

GHSA-h4v9-jf2r-9h6m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h4v9-jf2r-9h6m

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2014-7809, GHSA-h4v9-jf2r-9h6m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2v7h-fght-cugn

url VCID-3yq7-n972-j7dh

vulnerability_id VCID-3yq7-n972-j7dh

summary

Improperly Controlled Modification of Dynamically-Determined Object Attributes
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_id

reference_type

scores

value	0.93727
scoring_system	epss
scoring_elements	0.99848
published_at	2026-04-01T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99852
published_at	2026-04-16T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99851
published_at	2026-04-18T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.9985
published_at	2026-04-08T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99849
published_at	2026-04-04T12:55:00Z

value	0.93849
scoring_system	epss
scoring_elements	0.99867
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672
reference_id	1869672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py
reference_id	CVE-2019-0230
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_id

CVE-2019-0230

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

reference_id

GHSA-wp4h-pvgw-5727

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2019-0230, GHSA-wp4h-pvgw-5727

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh

url VCID-4agy-6nsx-7ufh

vulnerability_id VCID-4agy-6nsx-7ufh

summary Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3093

reference_id

reference_type

scores

value	0.05068
scoring_system	epss
scoring_elements	0.89801
published_at	2026-04-21T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.8975
published_at	2026-04-01T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89753
published_at	2026-04-02T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89768
published_at	2026-04-04T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.8977
published_at	2026-04-07T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89787
published_at	2026-04-08T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89793
published_at	2026-04-09T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.898
published_at	2026-04-11T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89798
published_at	2026-04-12T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89791
published_at	2026-04-13T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89806
published_at	2026-04-16T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89807
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3093

reference_url	https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92
reference_id
reference_type
scores
url	https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92

reference_url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

reference_url

https://struts.apache.org/docs/s2-034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-034.html

reference_url	http://struts.apache.org/docs/s2-034.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-034.html

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url	http://www.securityfocus.com/bid/90961
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90961

reference_url	http://www.securitytracker.com/id/1036018
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036018

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1341677
reference_id	1341677
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1341677

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl::::::::
reference_id	cpe:2.3:a:ognl_project:ognl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3093

reference_id

CVE-2016-3093

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3093

reference_url

https://github.com/advisories/GHSA-383p-xqxx-rrmp

reference_id

GHSA-383p-xqxx-rrmp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-383p-xqxx-rrmp

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

aliases CVE-2016-3093, GHSA-383p-xqxx-rrmp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4agy-6nsx-7ufh

url VCID-579w-2k2v-efa2

vulnerability_id VCID-579w-2k2v-efa2

summary In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_id

reference_type

scores

value	0.94228
scoring_system	epss
scoring_elements	0.99927
published_at	2026-04-21T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99926
published_at	2026-04-18T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99925
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_url

https://struts.apache.org/docs/s2-053.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-053.html

reference_url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100829

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478
reference_id	1489478
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

102

reference_url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py

103

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py

104

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

reference_id

CVE-2017-12611

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

105

reference_url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

reference_id

GHSA-8fx9-5hx8-crhm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.34

purl pkg:maven/org.apache.struts/struts2-core@2.3.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

url	pkg:maven/org.apache.struts/struts2-core@2.5.11
purl	pkg:maven/org.apache.struts/struts2-core@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-12611, GHSA-8fx9-5hx8-crhm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2

url VCID-6hrc-fm64-ckhf

vulnerability_id VCID-6hrc-fm64-ckhf

summary Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2162

reference_id

reference_type

scores

value	0.01235
scoring_system	epss
scoring_elements	0.79227
published_at	2026-04-18T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79154
published_at	2026-04-01T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.7916
published_at	2026-04-02T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79185
published_at	2026-04-04T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79171
published_at	2026-04-07T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79196
published_at	2026-04-08T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79204
published_at	2026-04-13T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79228
published_at	2026-04-21T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79213
published_at	2026-04-12T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.7923
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2162

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java

reference_url

https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2162

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2162

reference_url

http://struts.apache.org/docs/s2-030.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-030.html

reference_url

https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070

reference_url

https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272

reference_url	http://www.securityfocus.com/bid/85070
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85070

reference_url	http://www.securitytracker.com/id/1035272
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035272

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326724
reference_id	1326724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url

https://github.com/advisories/GHSA-2j4q-9fff-236j

reference_id

GHSA-2j4q-9fff-236j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j4q-9fff-236j

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-2162, GHSA-2j4q-9fff-236j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hrc-fm64-ckhf

url VCID-74ab-1p1c-4qbd

vulnerability_id VCID-74ab-1p1c-4qbd

summary In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6795

reference_id

reference_type

scores

value	0.05049
scoring_system	epss
scoring_elements	0.89781
published_at	2026-04-21T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89729
published_at	2026-04-01T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89733
published_at	2026-04-02T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89747
published_at	2026-04-04T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89748
published_at	2026-04-07T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89766
published_at	2026-04-08T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89772
published_at	2026-04-09T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89779
published_at	2026-04-11T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89777
published_at	2026-04-12T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89771
published_at	2026-04-13T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89786
published_at	2026-04-16T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89787
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6795

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab

reference_url	https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab

reference_url

https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14

reference_url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_url	https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0003/

reference_url

https://struts.apache.org/docs/s2-042.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-042.html

reference_url

https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773

reference_url	http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93773

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6795

reference_id

CVE-2016-6795

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6795

reference_url

https://github.com/advisories/GHSA-44hv-jjx7-qfjg

reference_id

GHSA-44hv-jjx7-qfjg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-44hv-jjx7-qfjg

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.31

purl pkg:maven/org.apache.struts/struts2-core@2.3.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31

url pkg:maven/org.apache.struts/struts2-core@2.5.5

purl pkg:maven/org.apache.struts/struts2-core@2.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-5qtg-djvn-97ht

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5

aliases CVE-2016-6795, GHSA-44hv-jjx7-qfjg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74ab-1p1c-4qbd

url VCID-79j9-v8gz-rfax

vulnerability_id VCID-79j9-v8gz-rfax

summary

Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_id

reference_type

scores

value	0.94376
scoring_system	epss
scoring_elements	0.99967
published_at	2026-04-13T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99966
published_at	2026-04-21T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99968
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id	1905645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_id

CVE-2020-17530

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_id

GHSA-jc35-q369-45pv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005/

reference_id

ntap-20210115-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://security.netapp.com/advisory/ntap-20210115-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.26

purl pkg:maven/org.apache.struts/struts2-core@2.5.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26

aliases CVE-2020-17530, GHSA-jc35-q369-45pv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax

url VCID-7c97-nj5a-hqb8

vulnerability_id VCID-7c97-nj5a-hqb8

summary

references

reference_url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_id

reference_type

scores

value	0.94267
scoring_system	epss
scoring_elements	0.99936
published_at	2026-04-04T12:55:00Z

value	0.94267
scoring_system	epss
scoring_elements	0.99937
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_url

https://exploit-db.com/exploits/41570

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://exploit-db.com/exploits/41570

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_url

https://github.com/mazen160/struts-pwn

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/mazen160/struts-pwn

reference_url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_url

https://isc.sans.edu/diary/22169

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://isc.sans.edu/diary/22169

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_url

https://struts.apache.org/docs/s2-045.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-045.html

reference_url

https://struts.apache.org/docs/s2-046.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-046.html

reference_url

https://support.lenovo.com/us/en/product_security/len-14200

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://support.lenovo.com/us/en/product_security/len-14200

reference_url

https://twitter.com/theog150/status/841146956135124993

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://twitter.com/theog150/status/841146956135124993

reference_url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_url

https://www.exploit-db.com/exploits/41614

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/41614

reference_url

https://www.kb.cert.org/vuls/id/834067

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.kb.cert.org/vuls/id/834067

reference_url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url

http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securityfocus.com/bid/96729

reference_url

http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securitytracker.com/id/1037973

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326
reference_id	1430326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326

reference_url

https://www.exploit-db.com/exploits/41614/

reference_id

41614

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.exploit-db.com/exploits/41614/

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_id

critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638

reference_url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_id

CVE-2017-5638

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_id

cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_id

cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_id

CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_id

GHSA-j77q-2qqg-6989

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001/

reference_id

ntap-20170310-0001

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://security.netapp.com/advisory/ntap-20170310-0001/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.32

purl pkg:maven/org.apache.struts/struts2-core@2.3.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.32

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

aliases CVE-2017-5638, GHSA-j77q-2qqg-6989

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c97-nj5a-hqb8

url VCID-87fh-rvvb-6ubq

vulnerability_id VCID-87fh-rvvb-6ubq

summary

Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53677

reference_id

reference_type

scores

value	0.91785
scoring_system	epss
scoring_elements	0.99685
published_at	2026-04-04T12:55:00Z

value	0.91785
scoring_system	epss
scoring_elements	0.99684
published_at	2026-04-02T12:55:00Z

value	0.91785
scoring_system	epss
scoring_elements	0.99686
published_at	2026-04-07T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99788
published_at	2026-04-08T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99791
published_at	2026-04-18T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99789
published_at	2026-04-13T12:55:00Z

value	0.93081
scoring_system	epss
scoring_elements	0.99793
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53677

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-067

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-067

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854

reference_url

https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78

reference_url

https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53677

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53677

reference_url

https://security.netapp.com/advisory/ntap-20250103-0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250103-0005

reference_url

https://struts.apache.org/core-developers/file-upload

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/core-developers/file-upload

reference_url

https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id	2331686
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331686

reference_url

https://github.com/advisories/GHSA-43mq-6xmg-29vm

reference_id

GHSA-43mq-6xmg-29vm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43mq-6xmg-29vm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@6.4.0

purl pkg:maven/org.apache.struts/struts2-core@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95ts-vpk6-uubg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0

aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq

url VCID-8bsh-bshc-vkgq

vulnerability_id VCID-8bsh-bshc-vkgq

summary

Apache Struts forced double OGNL evaluation
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4461

reference_id

reference_type

scores

value	0.01704
scoring_system	epss
scoring_elements	0.8234
published_at	2026-04-21T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82235
published_at	2026-04-01T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82248
published_at	2026-04-02T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82267
published_at	2026-04-04T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82262
published_at	2026-04-07T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82288
published_at	2026-04-08T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82296
published_at	2026-04-09T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82315
published_at	2026-04-11T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82309
published_at	2026-04-12T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82304
published_at	2026-04-13T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82338
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4461

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0004

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0004

reference_url	https://security.netapp.com/advisory/ntap-20180629-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0004/

reference_url

https://struts.apache.org/docs/s2-036.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-036.html

reference_url	http://www.securityfocus.com/bid/91277
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91277

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4461

reference_id

CVE-2016-4461

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4461

reference_url

https://github.com/advisories/GHSA-864w-r5qj-h6fj

reference_id

GHSA-864w-r5qj-h6fj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-864w-r5qj-h6fj

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.29

purl pkg:maven/org.apache.struts/struts2-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29

aliases CVE-2016-4461, GHSA-864w-r5qj-h6fj

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsh-bshc-vkgq

url VCID-8mws-fbmg-cqa9

vulnerability_id VCID-8mws-fbmg-cqa9

summary

Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. 

It is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.

Struts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher if turning off debug mode is not possible.

references

reference_url

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html

reference_url

http://jvn.jp/en/jp/JVN88408929/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN88408929/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2992

reference_id

reference_type

scores

value	0.00992
scoring_system	epss
scoring_elements	0.76944
published_at	2026-04-18T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76922
published_at	2026-04-11T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76936
published_at	2026-04-21T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76895
published_at	2026-04-09T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76902
published_at	2026-04-12T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76939
published_at	2026-04-16T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76834
published_at	2026-04-01T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76841
published_at	2026-04-02T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76897
published_at	2026-04-13T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76871
published_at	2026-04-04T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76853
published_at	2026-04-07T12:55:00Z

value	0.00992
scoring_system	epss
scoring_elements	0.76884
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2992

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-025

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-025

reference_url

https://cwiki.apache.org/confluence/display/WW/Security

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/Security

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2992

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2992

reference_url

https://security.netapp.com/advisory/ntap-20200330-0001

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200330-0001

reference_url	https://security.netapp.com/advisory/ntap-20200330-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200330-0001/

reference_url

http://www.securityfocus.com/bid/76624

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76624

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1260101
reference_id	1260101
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1260101

reference_url

https://github.com/advisories/GHSA-265r-pp83-gww7

reference_id

GHSA-265r-pp83-gww7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-265r-pp83-gww7

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2015-2992, GHSA-265r-pp83-gww7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mws-fbmg-cqa9

url VCID-95ts-vpk6-uubg

vulnerability_id VCID-95ts-vpk6-uubg

summary

Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31599
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31685
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31628
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31729
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-07T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40733
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40752
published_at	2026-04-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40786
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4067
published_at	2026-04-21T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40748
published_at	2026-04-18T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40778
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_id

CVE-2025-66675

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

reference_id

GHSA-rg58-xhh7-mqjw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

fixed_packages

url	pkg:maven/org.apache.struts/struts2-core@6.8.0
purl	pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0

url	pkg:maven/org.apache.struts/struts2-core@7.1.1
purl	pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1

aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg

url VCID-at5c-f8p8-67fh

vulnerability_id VCID-at5c-f8p8-67fh

summary Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4003

reference_id

reference_type

scores

value	0.02629
scoring_system	epss
scoring_elements	0.85608
published_at	2026-04-01T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85705
published_at	2026-04-21T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85711
published_at	2026-04-18T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85706
published_at	2026-04-16T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85684
published_at	2026-04-13T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85687
published_at	2026-04-12T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85691
published_at	2026-04-11T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85677
published_at	2026-04-09T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85665
published_at	2026-04-08T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85645
published_at	2026-04-07T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85638
published_at	2026-04-04T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.8562
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4003

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc

reference_url

https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9

reference_url

https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e

reference_url

https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2

reference_url

https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c

reference_url

https://issues.apache.org/jira/browse/WW-4507

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-4507

reference_url

http://struts.apache.org/docs/s2-028.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-028.html

reference_url

https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311

reference_url

https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268

reference_url	http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/86311

reference_url	http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035268

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326725
reference_id	1326725
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326725

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4003

reference_id

CVE-2016-4003

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4003

reference_url

https://github.com/advisories/GHSA-m3x6-9v6h-4g28

reference_id

GHSA-m3x6-9v6h-4g28

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m3x6-9v6h-4g28

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-4003, GHSA-m3x6-9v6h-4g28

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at5c-f8p8-67fh

url VCID-b7zy-qhz9-tuar

vulnerability_id VCID-b7zy-qhz9-tuar

summary

Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34149

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19577
published_at	2026-04-02T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19474
published_at	2026-04-09T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19422
published_at	2026-04-08T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19344
published_at	2026-04-07T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19623
published_at	2026-04-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20545
published_at	2026-04-21T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20662
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2062
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20567
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20553
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2055
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34149

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-063

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-063

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_url

http://www.openwall.com/lists/oss-security/2023/06/14/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

http://www.openwall.com/lists/oss-security/2023/06/14/2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34149

reference_id

CVE-2023-34149

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34149

reference_url

https://github.com/advisories/GHSA-8f6x-v685-g2xc

reference_id

GHSA-8f6x-v685-g2xc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8f6x-v685-g2xc

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005/

reference_id

ntap-20230706-0005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

https://security.netapp.com/advisory/ntap-20230706-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.31

purl pkg:maven/org.apache.struts/struts2-core@2.5.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31

url pkg:maven/org.apache.struts/struts2-core@6.1.2.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1

aliases CVE-2023-34149, GHSA-8f6x-v685-g2xc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar

url VCID-bgbt-j1n9-6yg5

vulnerability_id VCID-bgbt-j1n9-6yg5

summary The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_id

reference_type

scores

value	0.0622
scoring_system	epss
scoring_elements	0.90903
published_at	2026-04-21T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90902
published_at	2026-04-18T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90905
published_at	2026-04-16T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.9088
published_at	2026-04-13T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90881
published_at	2026-04-12T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90872
published_at	2026-04-09T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90866
published_at	2026-04-08T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90854
published_at	2026-04-07T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90844
published_at	2026-04-04T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90833
published_at	2026-04-02T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90828
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_url	https://security.netapp.com/advisory/ntap-20180330-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180330-0001/

reference_url	https://struts.apache.org/docs/s2-056.html
reference_id
reference_type
scores
url	https://struts.apache.org/docs/s2-056.html

reference_url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103516

reference_url	http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040575

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007
reference_id	1561007
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007

reference_url	https://access.redhat.com/security/cve/CVE-2018-1327
reference_id	CVE-2018-1327
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2018-1327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_id

CVE-2018-1327

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

reference_id

GHSA-38cr-2ph5-frr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.16

purl pkg:maven/org.apache.struts/struts2-core@2.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16

aliases CVE-2018-1327, GHSA-38cr-2ph5-frr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5

url VCID-cm62-bsdz-yye2

vulnerability_id VCID-cm62-bsdz-yye2

summary Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

references

reference_url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_id

reference_type

scores

value	0.94431
scoring_system	epss
scoring_elements	0.99985
published_at	2026-04-18T12:55:00Z

value	0.94431
scoring_system	epss
scoring_elements	0.99984
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72

reference_url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d

reference_url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_url

https://www.exploit-db.com/exploits/45260

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45260

reference_url

https://www.exploit-db.com/exploits/45262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45262

reference_url

https://www.exploit-db.com/exploits/45367

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45367

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url

http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securityfocus.com/bid/105125

reference_url

http://www.securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securitytracker.com/id/1041547

reference_url

http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securitytracker.com/id/1041888

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1620019
reference_id	1620019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1620019

reference_url

https://www.exploit-db.com/exploits/45260/

reference_id

45260

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45260/

reference_url

https://www.exploit-db.com/exploits/45262/

reference_id

45262

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45262/

reference_url

https://www.exploit-db.com/exploits/45367/

reference_id

45367

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45367/

reference_url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py

reference_url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_id

CVE-2018-11776

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb

reference_url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_id

CVE-2018-11776-PYTHON-POC

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

reference_id

GHSA-cr6j-3jp9-rw65

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

reference_url

https://security.netapp.com/advisory/ntap-20180822-0001/

reference_id

ntap-20180822-0001

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://security.netapp.com/advisory/ntap-20180822-0001/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.35

purl pkg:maven/org.apache.struts/struts2-core@2.3.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35

url pkg:maven/org.apache.struts/struts2-core@2.5.17

purl pkg:maven/org.apache.struts/struts2-core@2.5.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17

aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65

risk_score 10.0

exploitability 2.0

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm62-bsdz-yye2

url VCID-dk2f-14xj-9bf8

vulnerability_id VCID-dk2f-14xj-9bf8

summary

Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34396

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.30232
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30194
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30159
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30099
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30281
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31376
published_at	2026-04-21T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3147
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31428
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31391
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31425
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31404
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34396

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-064

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-064

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_url

http://www.openwall.com/lists/oss-security/2023/06/14/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

http://www.openwall.com/lists/oss-security/2023/06/14/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34396

reference_id

CVE-2023-34396

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34396

reference_url

https://github.com/advisories/GHSA-4g42-gqrg-4633

reference_id

GHSA-4g42-gqrg-4633

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4g42-gqrg-4633

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005/

reference_id

ntap-20230706-0005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

https://security.netapp.com/advisory/ntap-20230706-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.31

purl pkg:maven/org.apache.struts/struts2-core@2.5.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31

url pkg:maven/org.apache.struts/struts2-core@6.1.2.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1

aliases CVE-2023-34396, GHSA-4g42-gqrg-4633

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8

url VCID-gfxq-vtry-bqgg

vulnerability_id VCID-gfxq-vtry-bqgg

summary

Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

references

reference_url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_id

reference_type

scores

value	0.92864
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-21T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99842
published_at	2026-04-07T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99841
published_at	2026-04-02T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99844
published_at	2026-04-13T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99843
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id	2253938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_id

CVE-2023-50164

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_url

https://github.com/advisories/GHSA-2j39-qcjm-428w

reference_id

GHSA-2j39-qcjm-428w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j39-qcjm-428w

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.33

purl pkg:maven/org.apache.struts/struts2-core@2.5.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-j8jv-hzsy-nyec

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33

url pkg:maven/org.apache.struts/struts2-core@6.3.0.2

purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2

aliases CVE-2023-50164, GHSA-2j39-qcjm-428w

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg

url VCID-h4yg-zrv6-aqa1

vulnerability_id VCID-h4yg-zrv6-aqa1

summary ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url

https://access.redhat.com/errata/RHSA-2019:0910

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0910

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0112

reference_id

reference_type

scores

value	0.91424
scoring_system	epss
scoring_elements	0.99668
published_at	2026-04-21T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99659
published_at	2026-04-02T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.9966
published_at	2026-04-04T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99661
published_at	2026-04-07T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99663
published_at	2026-04-11T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99664
published_at	2026-04-13T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99665
published_at	2026-04-16T12:55:00Z

value	0.91424
scoring_system	epss
scoring_elements	0.99666
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0112

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1091939

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1091939

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-021

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-021

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0112

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0112

reference_url	http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-021.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_url

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_url

https://github.com/advisories/GHSA-prjv-jj26-wf8h

reference_id

GHSA-prjv-jj26-wf8h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prjv-jj26-wf8h

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2014-0112, GHSA-prjv-jj26-wf8h

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4yg-zrv6-aqa1

url VCID-hgj2-vqzn-gyeb

vulnerability_id VCID-hgj2-vqzn-gyeb

summary

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_id

reference_type

scores

value	0.93956
scoring_system	epss
scoring_elements	0.99886
published_at	2026-04-21T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99883
published_at	2026-04-07T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99885
published_at	2026-04-13T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99884
published_at	2026-04-12T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99881
published_at	2026-04-01T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99882
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_url	https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220420-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id	2074788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_id

CVE-2021-31805

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

reference_id

GHSA-v8j6-6c2r-r27c

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.30

purl pkg:maven/org.apache.struts/struts2-core@2.5.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30

aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb

url VCID-j5su-cnqd-6yad

vulnerability_id VCID-j5su-cnqd-6yad

summary Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0785

reference_id

reference_type

scores

value	0.17798
scoring_system	epss
scoring_elements	0.95104
published_at	2026-04-02T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95107
published_at	2026-04-07T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95105
published_at	2026-04-04T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95093
published_at	2026-04-01T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95141
published_at	2026-04-21T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95139
published_at	2026-04-18T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95136
published_at	2026-04-16T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95128
published_at	2026-04-13T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95125
published_at	2026-04-12T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95123
published_at	2026-04-11T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95118
published_at	2026-04-09T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95114
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364

reference_url

http://struts.apache.org/docs/s2-029.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-029.html

reference_url

https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066

reference_url

https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271

reference_url	http://www.securityfocus.com/bid/85066
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85066

reference_url	http://www.securitytracker.com/id/1035271
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035271

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326720
reference_id	1326720
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326720

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0785

reference_id

CVE-2016-0785

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0785

reference_url

https://github.com/advisories/GHSA-876p-4wgc-75rx

reference_id

GHSA-876p-4wgc-75rx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-876p-4wgc-75rx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-0785, GHSA-876p-4wgc-75rx

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5su-cnqd-6yad

url VCID-kdsa-599r-eud7

vulnerability_id VCID-kdsa-599r-eud7

summary The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_id

reference_type

scores

value	0.93134
scoring_system	epss
scoring_elements	0.99796
published_at	2026-04-13T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99795
published_at	2026-04-08T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99794
published_at	2026-04-04T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99799
published_at	2026-04-21T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99798
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url	http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-021.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id	1073716
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_id

CVE-2014-0094

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id	CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb

reference_url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb

reference_url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

reference_id

GHSA-vrwc-qjmw-5rjm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2

aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7

url VCID-mdde-pa5h-w7g4

vulnerability_id VCID-mdde-pa5h-w7g4

summary In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_id

reference_type

scores

value	0.04618
scoring_system	epss
scoring_elements	0.89278
published_at	2026-04-18T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89265
published_at	2026-04-13T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89268
published_at	2026-04-12T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89272
published_at	2026-04-21T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89263
published_at	2026-04-09T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89258
published_at	2026-04-08T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89223
published_at	2026-04-02T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89217
published_at	2026-04-01T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89241
published_at	2026-04-07T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89238
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9

reference_url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded

reference_url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2

reference_url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a

reference_url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_url	https://security.netapp.com/advisory/ntap-20180629-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0001/

reference_url

https://struts.apache.org/docs/s2-050.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-050.html

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100612
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100612

reference_url	http://www.securitytracker.com/id/1039261
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039261

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491
reference_id	1488491
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_id

CVE-2017-9804

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

reference_id

GHSA-x5x7-3v85-wpc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.24

purl pkg:maven/org.apache.struts/struts2-core@2.3.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24

url pkg:maven/org.apache.struts/struts2-core@2.3.34

purl pkg:maven/org.apache.struts/struts2-core@2.3.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2017-9804, GHSA-x5x7-3v85-wpc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdde-pa5h-w7g4

url VCID-me84-wy85-hkf5

vulnerability_id VCID-me84-wy85-hkf5

summary

Cross-Site Scripting vulnerability on "Problem Report" screen
When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.

references

reference_url

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html

reference_url

http://jvn.jp/en/jp/JVN95989300/index.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN95989300/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5169

reference_id

reference_type

scores

value	0.01198
scoring_system	epss
scoring_elements	0.78914
published_at	2026-04-21T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78844
published_at	2026-04-01T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.7885
published_at	2026-04-02T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78879
published_at	2026-04-04T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78861
published_at	2026-04-07T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78886
published_at	2026-04-08T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78893
published_at	2026-04-09T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78916
published_at	2026-04-11T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.789
published_at	2026-04-12T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78891
published_at	2026-04-13T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78919
published_at	2026-04-16T12:55:00Z

value	0.01198
scoring_system	epss
scoring_elements	0.78917
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5169

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1260087

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1260087

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5169

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5169

reference_url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_url	https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0003/

reference_url

https://struts.apache.org/docs/s2-025.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-025.html

reference_url	http://www.securityfocus.com/bid/76625
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/76625

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://github.com/advisories/GHSA-vwhv-j36g-5rm8

reference_id

GHSA-vwhv-j36g-5rm8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vwhv-j36g-5rm8

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2015-5169, GHSA-vwhv-j36g-5rm8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-me84-wy85-hkf5

url VCID-n2dn-bnjc-13gp

vulnerability_id VCID-n2dn-bnjc-13gp

summary CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0113

reference_id

reference_type

scores

value	0.82051
scoring_system	epss
scoring_elements	0.99208
published_at	2026-04-07T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.99212
published_at	2026-04-21T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.99209
published_at	2026-04-16T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.99211
published_at	2026-04-18T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.992
published_at	2026-04-01T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.99202
published_at	2026-04-02T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.9921
published_at	2026-04-12T12:55:00Z

value	0.82051
scoring_system	epss
scoring_elements	0.99204
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0113

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-021

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-021

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0113

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0113

reference_url	http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-021.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1092201
reference_id	1092201
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1092201

reference_url

https://github.com/advisories/GHSA-3c5c-xrq4-qhr8

reference_id

GHSA-3c5c-xrq4-qhr8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3c5c-xrq4-qhr8

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2014-0113, GHSA-3c5c-xrq4-qhr8

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2dn-bnjc-13gp

url VCID-tcaj-6bcg-k7g2

vulnerability_id VCID-tcaj-6bcg-k7g2

summary

Improper Input Validation
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3090

reference_id

reference_type

scores

value	0.02195
scoring_system	epss
scoring_elements	0.8433
published_at	2026-04-01T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84365
published_at	2026-04-04T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84345
published_at	2026-04-02T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84427
published_at	2026-04-21T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84425
published_at	2026-04-18T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84402
published_at	2026-04-13T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84406
published_at	2026-04-12T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84412
published_at	2026-04-11T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84395
published_at	2026-04-09T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84389
published_at	2026-04-08T12:55:00Z

value	0.02195
scoring_system	epss
scoring_elements	0.84367
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3090

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0005

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0005

reference_url	https://security.netapp.com/advisory/ntap-20180629-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0005/

reference_url

https://struts.apache.org/docs/s2-027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-027.html

reference_url

https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131

reference_url

https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267

reference_url	https://www.securitytracker.com/id/1035267
reference_id
reference_type
scores
url	https://www.securitytracker.com/id/1035267

reference_url	http://www.securityfocus.com/bid/85131
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3090

reference_id

CVE-2016-3090

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3090

reference_url

https://github.com/advisories/GHSA-ggmp-fxfg-277r

reference_id

GHSA-ggmp-fxfg-277r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ggmp-fxfg-277r

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2016-3090, GHSA-ggmp-fxfg-277r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcaj-6bcg-k7g2

url VCID-tgd1-s1yg-9fdt

vulnerability_id VCID-tgd1-s1yg-9fdt

summary

Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07712
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07673
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07572
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07585
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0766
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07676
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0769
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07598
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07691
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id	2428559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559

reference_url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

reference_id

GHSA-qcfc-hmrc-59x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

purl pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

url pkg:maven/org.apache.struts/struts2-core@6.1.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1

aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt

url VCID-vgp6-jxqt-pbf4

vulnerability_id VCID-vgp6-jxqt-pbf4

summary The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110

reference_url

http://jvn.jp/en/jp/JVN07710476/index.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN07710476/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4438

reference_id

reference_type

scores

value	0.62087
scoring_system	epss
scoring_elements	0.98351
published_at	2026-04-21T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98334
published_at	2026-04-01T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98336
published_at	2026-04-02T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98339
published_at	2026-04-04T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98341
published_at	2026-04-07T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98346
published_at	2026-04-08T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98347
published_at	2026-04-09T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98349
published_at	2026-04-11T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.9835
published_at	2026-04-13T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98353
published_at	2026-04-16T12:55:00Z

value	0.62087
scoring_system	epss
scoring_elements	0.98352
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4438

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1348238

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1348238

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c

reference_url

https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d

reference_url

https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c

reference_url

https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b

reference_url

https://struts.apache.org/docs/s2-037.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-037.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.securityfocus.com/bid/91275
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91275

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4438

reference_id

CVE-2016-4438

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4438

reference_url

https://github.com/advisories/GHSA-4prj-vw9j-v6pr

reference_id

GHSA-4prj-vw9j-v6pr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4prj-vw9j-v6pr

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.29

purl pkg:maven/org.apache.struts/struts2-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29

aliases CVE-2016-4438, GHSA-4prj-vw9j-v6pr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgp6-jxqt-pbf4

url VCID-y4qu-21c9-6fav

vulnerability_id VCID-y4qu-21c9-6fav

summary When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_id

reference_type

scores

value	0.08229
scoring_system	epss
scoring_elements	0.92231
published_at	2026-04-21T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92184
published_at	2026-04-01T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92191
published_at	2026-04-02T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92197
published_at	2026-04-04T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.922
published_at	2026-04-07T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92212
published_at	2026-04-08T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92215
published_at	2026-04-09T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92221
published_at	2026-04-11T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92229
published_at	2026-04-18T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.9223
published_at	2026-04-16T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92222
published_at	2026-04-12T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92218
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_url	https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0002/

reference_url

http://struts.apache.org/docs/s2-049.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-049.html

reference_url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/99562
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99562

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608
reference_id	1480608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_id

CVE-2017-9787

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

reference_id

GHSA-8mr5-h28g-36qx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.33

purl pkg:maven/org.apache.struts/struts2-core@2.3.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.33

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-9787, GHSA-8mr5-h28g-36qx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4qu-21c9-6fav

url VCID-y5uq-a6dx-3yd4

vulnerability_id VCID-y5uq-a6dx-3yd4

summary

Unrestricted Upload of File with Dangerous Type
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1592

reference_id

reference_type

scores

value	0.00588
scoring_system	epss
scoring_elements	0.69178
published_at	2026-04-18T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69066
published_at	2026-04-01T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69158
published_at	2026-04-21T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69135
published_at	2026-04-08T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69085
published_at	2026-04-07T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69104
published_at	2026-04-04T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69082
published_at	2026-04-02T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.6917
published_at	2026-04-16T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69131
published_at	2026-04-13T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.6916
published_at	2026-04-12T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69176
published_at	2026-04-11T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69154
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1592

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76

reference_url

https://issues.apache.org/jira/browse/WW-5055

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-5055

reference_url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E

reference_url

https://seclists.org/bugtraq/2012/Mar/110

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2012/Mar/110

reference_url

https://struts.apache.org/security/#internal-security-mechanism

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/security/#internal-security-mechanism

reference_url

https://www.openwall.com/lists/oss-security/2012/03/28/12

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2012/03/28/12

reference_url	http://www.openwall.com/lists/oss-security/2012/03/28/12
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/03/28/12

reference_url

https://access.redhat.com/security/cve/cve-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2012-1592

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1592

reference_url

https://security-tracker.debian.org/tracker/CVE-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2012-1592

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml
reference_id	CVE-2012-1592;OSVDB-80547
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml

reference_url	https://www.securityfocus.com/bid/52702/info
reference_id	CVE-2012-1592;OSVDB-80547
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/52702/info

reference_url

https://github.com/advisories/GHSA-8m5q-crqq-6pmf

reference_id

GHSA-8m5q-crqq-6pmf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8m5q-crqq-6pmf

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2012-1592, GHSA-8m5q-crqq-6pmf

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uq-a6dx-3yd4

url VCID-ygbu-vb2t-jqhx

vulnerability_id VCID-ygbu-vb2t-jqhx

summary Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4436

reference_id

reference_type

scores

value	0.05743
scoring_system	epss
scoring_elements	0.90416
published_at	2026-04-02T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90428
published_at	2026-04-04T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90413
published_at	2026-04-01T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90465
published_at	2026-04-21T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90467
published_at	2026-04-18T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90468
published_at	2026-04-16T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.9046
published_at	2026-04-12T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90461
published_at	2026-04-11T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90453
published_at	2026-04-13T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90447
published_at	2026-04-08T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90433
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4436

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5

reference_url

https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4436

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4436

reference_url

https://struts.apache.org/docs/s2-035.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-035.html

reference_url

https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280

reference_url	https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/
reference_id
reference_type
scores
url	https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/

reference_url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1348233
reference_id	1348233
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1348233

reference_url

https://github.com/advisories/GHSA-xm92-v2mq-842q

reference_id

GHSA-xm92-v2mq-842q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xm92-v2mq-842q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.29

purl pkg:maven/org.apache.struts/struts2-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29

url pkg:maven/org.apache.struts/struts2-core@2.5.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-5qtg-djvn-97ht

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1

aliases CVE-2016-4436, GHSA-xm92-v2mq-842q

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygbu-vb2t-jqhx

url VCID-zb3c-gnyc-yug8

vulnerability_id VCID-zb3c-gnyc-yug8

summary CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0116

reference_id

reference_type

scores

value	0.02831
scoring_system	epss
scoring_elements	0.86193
published_at	2026-04-21T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86171
published_at	2026-04-09T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86186
published_at	2026-04-11T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86183
published_at	2026-04-12T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86179
published_at	2026-04-13T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86196
published_at	2026-04-16T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86202
published_at	2026-04-18T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86114
published_at	2026-04-01T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86124
published_at	2026-04-02T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.8614
published_at	2026-04-07T12:55:00Z

value	0.02831
scoring_system	epss
scoring_elements	0.86159
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0116

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0116

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0116

reference_url	http://struts.apache.org/docs/s2-022.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-022.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-022.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-022.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116

reference_url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1094558
reference_id	1094558
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1094558

reference_url

https://github.com/advisories/GHSA-hmhq-382q-mp56

reference_id

GHSA-hmhq-382q-mp56

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hmhq-382q-mp56

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3

url pkg:maven/org.apache.struts/struts2-core@2.3.20

purl pkg:maven/org.apache.struts/struts2-core@2.3.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-p9xh-frm5-8ucp

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20

aliases CVE-2014-0116, GHSA-hmhq-382q-mp56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb3c-gnyc-yug8

url VCID-zxww-8kb3-tufv

vulnerability_id VCID-zxww-8kb3-tufv

summary

Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_id

reference_type

scores

value	0.0778
scoring_system	epss
scoring_elements	0.91976
published_at	2026-04-21T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91924
published_at	2026-04-01T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91932
published_at	2026-04-02T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.9194
published_at	2026-04-04T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91946
published_at	2026-04-07T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91959
published_at	2026-04-08T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91964
published_at	2026-04-09T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91967
published_at	2026-04-11T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91966
published_at	2026-04-12T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91963
published_at	2026-04-13T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91982
published_at	2026-04-16T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91979
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url