Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-031.html

reference_url	https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-031.html

reference_url	http://www.securityfocus.com/bid/88826
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/88826

reference_url	http://www.securitytracker.com/id/1035664
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035664

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3082

reference_id

CVE-2016-3082

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3082

reference_url

https://github.com/advisories/GHSA-pvm9-288c-v5wq

reference_id

GHSA-pvm9-288c-v5wq

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvm9-288c-v5wq

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1

aliases CVE-2016-3082, GHSA-pvm9-288c-v5wq

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rjv-1thm-dugt

url VCID-3yq7-n972-j7dh

vulnerability_id VCID-3yq7-n972-j7dh

summary

Improperly Controlled Modification of Dynamically-Determined Object Attributes
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_id

reference_type

scores

value	0.93727
scoring_system	epss
scoring_elements	0.99848
published_at	2026-04-01T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99852
published_at	2026-04-16T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99851
published_at	2026-04-18T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.9985
published_at	2026-04-08T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99849
published_at	2026-04-04T12:55:00Z

value	0.93849
scoring_system	epss
scoring_elements	0.99867
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672
reference_id	1869672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py
reference_id	CVE-2019-0230
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_id

CVE-2019-0230

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

reference_id

GHSA-wp4h-pvgw-5727

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2019-0230, GHSA-wp4h-pvgw-5727

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh

url VCID-4agy-6nsx-7ufh

vulnerability_id VCID-4agy-6nsx-7ufh

summary Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3093

reference_id

reference_type

scores

value	0.05068
scoring_system	epss
scoring_elements	0.89801
published_at	2026-04-21T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.8975
published_at	2026-04-01T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89753
published_at	2026-04-02T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89768
published_at	2026-04-04T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.8977
published_at	2026-04-07T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89787
published_at	2026-04-08T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89793
published_at	2026-04-09T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.898
published_at	2026-04-11T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89798
published_at	2026-04-12T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89791
published_at	2026-04-13T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89806
published_at	2026-04-16T12:55:00Z

value	0.05068
scoring_system	epss
scoring_elements	0.89807
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3093

reference_url	https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92
reference_id
reference_type
scores
url	https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92

reference_url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

reference_url

https://struts.apache.org/docs/s2-034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-034.html

reference_url	http://struts.apache.org/docs/s2-034.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-034.html

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url	http://www.securityfocus.com/bid/90961
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90961

reference_url	http://www.securitytracker.com/id/1036018
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036018

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1341677
reference_id	1341677
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1341677

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl::::::::
reference_id	cpe:2.3:a:ognl_project:ognl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3093

reference_id

CVE-2016-3093

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3093

reference_url

https://github.com/advisories/GHSA-383p-xqxx-rrmp

reference_id

GHSA-383p-xqxx-rrmp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-383p-xqxx-rrmp

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

aliases CVE-2016-3093, GHSA-383p-xqxx-rrmp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4agy-6nsx-7ufh

url VCID-6241-shkt-s7ew

vulnerability_id VCID-6241-shkt-s7ew

summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2134

reference_id

reference_type

scores

value	0.91526
scoring_system	epss
scoring_elements	0.99671
published_at	2026-04-09T12:55:00Z

value	0.91526
scoring_system	epss
scoring_elements	0.99675
published_at	2026-04-21T12:55:00Z

value	0.91526
scoring_system	epss
scoring_elements	0.99674
published_at	2026-04-18T12:55:00Z

value	0.91526
scoring_system	epss
scoring_elements	0.99673
published_at	2026-04-16T12:55:00Z

value	0.91526
scoring_system	epss
scoring_elements	0.99672
published_at	2026-04-13T12:55:00Z

value	0.92052
scoring_system	epss
scoring_elements	0.99699
published_at	2026-04-02T12:55:00Z

value	0.92052
scoring_system	epss
scoring_elements	0.99701
published_at	2026-04-07T12:55:00Z

value	0.92052
scoring_system	epss
scoring_elements	0.997
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2134

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_url

http://security.gentoo.org/glsa/glsa-201409-04.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://security.gentoo.org/glsa/glsa-201409-04.xml

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe

reference_url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3

reference_url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1

reference_url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url	http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-015.html

reference_url

https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346

reference_url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_url	http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60346

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2134

reference_id

CVE-2013-2134

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2134

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
reference_id	CVE-2013-2134;OSVDB-93969
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt

reference_url	https://www.securityfocus.com/bid/60345/info
reference_id	CVE-2013-2134;OSVDB-93969
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/60345/info

reference_url

https://github.com/advisories/GHSA-gqqm-564f-vvxq

reference_id

GHSA-gqqm-564f-vvxq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gqqm-564f-vvxq

reference_url	https://security.gentoo.org/glsa/201409-04
reference_id	GLSA-201409-04
reference_type
scores
url	https://security.gentoo.org/glsa/201409-04

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3

aliases CVE-2013-2134, GHSA-gqqm-564f-vvxq

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-shkt-s7ew

url VCID-6hrc-fm64-ckhf

vulnerability_id VCID-6hrc-fm64-ckhf

summary Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2162

reference_id

reference_type

scores

value	0.01235
scoring_system	epss
scoring_elements	0.79227
published_at	2026-04-18T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79154
published_at	2026-04-01T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.7916
published_at	2026-04-02T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79185
published_at	2026-04-04T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79171
published_at	2026-04-07T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79196
published_at	2026-04-08T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79204
published_at	2026-04-13T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79228
published_at	2026-04-21T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.79213
published_at	2026-04-12T12:55:00Z

value	0.01235
scoring_system	epss
scoring_elements	0.7923
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2162

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java

reference_url

https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2162

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2162

reference_url

http://struts.apache.org/docs/s2-030.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-030.html

reference_url

https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070

reference_url

https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272

reference_url	http://www.securityfocus.com/bid/85070
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85070

reference_url	http://www.securitytracker.com/id/1035272
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035272

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326724
reference_id	1326724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326724

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url

https://github.com/advisories/GHSA-2j4q-9fff-236j

reference_id

GHSA-2j4q-9fff-236j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j4q-9fff-236j

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-2162, GHSA-2j4q-9fff-236j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hrc-fm64-ckhf

url VCID-79j9-v8gz-rfax

vulnerability_id VCID-79j9-v8gz-rfax

summary

Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_id

reference_type

scores

value	0.94376
scoring_system	epss
scoring_elements	0.99967
published_at	2026-04-13T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99966
published_at	2026-04-21T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99968
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id	1905645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_id

CVE-2020-17530

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_id

GHSA-jc35-q369-45pv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005/

reference_id

ntap-20210115-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://security.netapp.com/advisory/ntap-20210115-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.26

purl pkg:maven/org.apache.struts/struts2-core@2.5.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26

aliases CVE-2020-17530, GHSA-jc35-q369-45pv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax

url VCID-8bsh-bshc-vkgq

vulnerability_id VCID-8bsh-bshc-vkgq

summary

Apache Struts forced double OGNL evaluation
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4461

reference_id

reference_type

scores

value	0.01704
scoring_system	epss
scoring_elements	0.8234
published_at	2026-04-21T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82235
published_at	2026-04-01T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82248
published_at	2026-04-02T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82267
published_at	2026-04-04T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82262
published_at	2026-04-07T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82288
published_at	2026-04-08T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82296
published_at	2026-04-09T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82315
published_at	2026-04-11T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82309
published_at	2026-04-12T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82304
published_at	2026-04-13T12:55:00Z

value	0.01704
scoring_system	epss
scoring_elements	0.82338
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4461

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0004

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0004

reference_url	https://security.netapp.com/advisory/ntap-20180629-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0004/

reference_url

https://struts.apache.org/docs/s2-036.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-036.html

reference_url	http://www.securityfocus.com/bid/91277
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91277

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4461

reference_id

CVE-2016-4461

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4461

reference_url

https://github.com/advisories/GHSA-864w-r5qj-h6fj

reference_id

GHSA-864w-r5qj-h6fj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-864w-r5qj-h6fj

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.29

purl pkg:maven/org.apache.struts/struts2-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29

aliases CVE-2016-4461, GHSA-864w-r5qj-h6fj

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsh-bshc-vkgq

url VCID-95ts-vpk6-uubg

vulnerability_id VCID-95ts-vpk6-uubg

summary

Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31599
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31685
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31628
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31729
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-07T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40733
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40752
published_at	2026-04-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40786
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4067
published_at	2026-04-21T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40748
published_at	2026-04-18T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40778
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_id

CVE-2025-66675

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

reference_id

GHSA-rg58-xhh7-mqjw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

fixed_packages

url	pkg:maven/org.apache.struts/struts2-core@6.8.0
purl	pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0

url	pkg:maven/org.apache.struts/struts2-core@7.1.1
purl	pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1

aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg

url VCID-at5c-f8p8-67fh

vulnerability_id VCID-at5c-f8p8-67fh

summary Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4003

reference_id

reference_type

scores

value	0.02629
scoring_system	epss
scoring_elements	0.85608
published_at	2026-04-01T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85705
published_at	2026-04-21T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85711
published_at	2026-04-18T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85706
published_at	2026-04-16T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85684
published_at	2026-04-13T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85687
published_at	2026-04-12T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85691
published_at	2026-04-11T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85677
published_at	2026-04-09T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85665
published_at	2026-04-08T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85645
published_at	2026-04-07T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.85638
published_at	2026-04-04T12:55:00Z

value	0.02629
scoring_system	epss
scoring_elements	0.8562
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4003

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc

reference_url

https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9

reference_url

https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e

reference_url

https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2

reference_url

https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c

reference_url

https://issues.apache.org/jira/browse/WW-4507

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-4507

reference_url

http://struts.apache.org/docs/s2-028.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-028.html

reference_url

https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311

reference_url

https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268

reference_url	http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/86311

reference_url	http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035268

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326725
reference_id	1326725
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326725

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4003

reference_id

CVE-2016-4003

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4003

reference_url

https://github.com/advisories/GHSA-m3x6-9v6h-4g28

reference_id

GHSA-m3x6-9v6h-4g28

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m3x6-9v6h-4g28

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-4003, GHSA-m3x6-9v6h-4g28

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at5c-f8p8-67fh

url VCID-b59n-uxft-4qgz

vulnerability_id VCID-b59n-uxft-4qgz

summary Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

references

reference_url

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4316

reference_id

reference_type

scores

value	0.06168
scoring_system	epss
scoring_elements	0.90856
published_at	2026-04-21T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90823
published_at	2026-04-08T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90829
published_at	2026-04-09T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90838
published_at	2026-04-12T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90836
published_at	2026-04-13T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.9086
published_at	2026-04-16T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90858
published_at	2026-04-18T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90784
published_at	2026-04-01T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90789
published_at	2026-04-02T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90801
published_at	2026-04-04T12:55:00Z

value	0.06168
scoring_system	epss
scoring_elements	0.90812
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4316

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1

reference_url

https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4316

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4316

reference_url	http://struts.apache.org/docs/s2-019.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-019.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-019.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-019.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1013036
reference_id	1013036
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1013036

reference_url

https://github.com/advisories/GHSA-j7h6-xr7g-m2c5

reference_id

GHSA-j7h6-xr7g-m2c5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j7h6-xr7g-m2c5

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2

aliases CVE-2013-4316, GHSA-j7h6-xr7g-m2c5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b59n-uxft-4qgz

url VCID-d8as-n8hc-j3fj

vulnerability_id VCID-d8as-n8hc-j3fj

summary

Apache Struts directory traversal vulnerability
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a `..%252f` (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.

references

reference_url

http://issues.apache.org/struts/browse/WW-2779

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://issues.apache.org/struts/browse/WW-2779

reference_url	http://osvdb.org/49733
reference_id
reference_type
scores
url	http://osvdb.org/49733

reference_url	http://osvdb.org/49734
reference_id
reference_type
scores
url	http://osvdb.org/49734

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6505

reference_id

reference_type

scores

value	0.82879
scoring_system	epss
scoring_elements	0.99252
published_at	2026-04-21T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.99251
published_at	2026-04-12T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.9925
published_at	2026-04-13T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.99249
published_at	2026-04-08T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.99248
published_at	2026-04-07T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.99244
published_at	2026-04-04T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.9924
published_at	2026-04-01T12:55:00Z

value	0.82879
scoring_system	epss
scoring_elements	0.99242
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6505

reference_url	http://secunia.com/advisories/32497
reference_id
reference_type
scores
url	http://secunia.com/advisories/32497

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f

reference_url

https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-6505

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-6505

reference_url

http://struts.apache.org/2.x/docs/s2-004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-004.html

reference_url

https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497

reference_url

https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104

reference_url	http://www.securityfocus.com/bid/32104
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/32104

reference_url	http://www.vupen.com/english/advisories/2008/3003
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/3003

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2_beta:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt
reference_id	CVE-2008-6505;OSVDB-49734
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt

reference_url	https://www.securityfocus.com/bid/32104/info
reference_id	CVE-2008-6505;OSVDB-49734
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/32104/info

reference_url

https://github.com/advisories/GHSA-wv7g-xhvw-8hcp

reference_id

GHSA-wv7g-xhvw-8hcp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wv7g-xhvw-8hcp

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.0.12

purl pkg:maven/org.apache.struts/struts2-core@2.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.12

url	pkg:maven/org.apache.struts/struts2-core@2.1.3
purl	pkg:maven/org.apache.struts/struts2-core@2.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.3

url pkg:maven/org.apache.struts/struts2-core@2.1.6

purl pkg:maven/org.apache.struts/struts2-core@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.6

aliases CVE-2008-6505, GHSA-wv7g-xhvw-8hcp

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8as-n8hc-j3fj

url VCID-fv6w-cdtc-kkhx

vulnerability_id VCID-fv6w-cdtc-kkhx

summary

Struts ParameterInterceptor vulnerability allows remote command execution
Regular expression in ParametersInterceptor matches `top['foo'](0)` as a valid expression, which OGNL treats as `(top['foo'])(0)` and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.

references

reference_url

http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3923

reference_id

reference_type

scores

value	0.91054
scoring_system	epss
scoring_elements	0.99643
published_at	2026-04-21T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99638
published_at	2026-04-04T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99637
published_at	2026-04-02T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.9964
published_at	2026-04-13T12:55:00Z

value	0.91054
scoring_system	epss
scoring_elements	0.99641
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3923

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923

reference_url	http://seclists.org/fulldisclosure/2014/Jul/38
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2014/Jul/38

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/72585

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/72585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-3923

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-3923

reference_url

https://security-tracker.debian.org/tracker/CVE-2011-3923

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2011-3923

reference_url

http://struts.apache.org/development/2.x/docs/s2-009.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-009.html

reference_url	http://struts.apache.org/docs/s2-009.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-009.html

reference_url

https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38

reference_url	http://www.exploit-db.com/exploits/24874
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/24874

reference_url	http://www.securityfocus.com/bid/51628
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/51628

reference_url	http://www.securitytracker.com/id?1026575
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1026575

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
reference_id	CVE-2011-3923;OSVDB-78501
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb

reference_url

https://github.com/advisories/GHSA-j68f-8h6p-9h5q

reference_id

GHSA-j68f-8h6p-9h5q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j68f-8h6p-9h5q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.1.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2

aliases CVE-2011-3923, GHSA-j68f-8h6p-9h5q

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fv6w-cdtc-kkhx

url VCID-gfxq-vtry-bqgg

vulnerability_id VCID-gfxq-vtry-bqgg

summary

Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

references

reference_url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_id

reference_type

scores

value	0.92864
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-21T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99842
published_at	2026-04-07T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99841
published_at	2026-04-02T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99844
published_at	2026-04-13T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99843
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id	2253938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_id

CVE-2023-50164

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_url

https://github.com/advisories/GHSA-2j39-qcjm-428w

reference_id

GHSA-2j39-qcjm-428w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j39-qcjm-428w

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.33

purl pkg:maven/org.apache.struts/struts2-core@2.5.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-j8jv-hzsy-nyec

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33

url pkg:maven/org.apache.struts/struts2-core@6.3.0.2

purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2

aliases CVE-2023-50164, GHSA-2j39-qcjm-428w

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg

url VCID-hgj2-vqzn-gyeb

vulnerability_id VCID-hgj2-vqzn-gyeb

summary

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_id

reference_type

scores

value	0.93956
scoring_system	epss
scoring_elements	0.99886
published_at	2026-04-21T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99883
published_at	2026-04-07T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99885
published_at	2026-04-13T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99884
published_at	2026-04-12T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99881
published_at	2026-04-01T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99882
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_url	https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220420-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id	2074788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_id

CVE-2021-31805

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

reference_id

GHSA-v8j6-6c2r-r27c

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.30

purl pkg:maven/org.apache.struts/struts2-core@2.5.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30

aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb

url VCID-hkjh-35ye-1ugj

vulnerability_id VCID-hkjh-35ye-1ugj

summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2115

reference_id

reference_type

scores

value	0.87487
scoring_system	epss
scoring_elements	0.99454
published_at	2026-04-01T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99469
published_at	2026-04-21T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99468
published_at	2026-04-16T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99465
published_at	2026-04-13T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99464
published_at	2026-04-11T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99463
published_at	2026-04-09T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99462
published_at	2026-04-08T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99461
published_at	2026-04-07T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99459
published_at	2026-04-04T12:55:00Z

value	0.8761
scoring_system	epss
scoring_elements	0.99457
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2115

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-014

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-014

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650

reference_url

https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d

reference_url

https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6

reference_url

https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474

reference_url

https://issues.apache.org/jira/browse/WW-4063

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-4063

reference_url

http://struts.apache.org/development/2.x/docs/s2-014.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-014.html

reference_url	http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-014.html

reference_url

https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167

reference_url	http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60167

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2115

reference_id

CVE-2013-2115

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2115

reference_url

https://github.com/advisories/GHSA-7ghm-rpc7-p7g5

reference_id

GHSA-7ghm-rpc7-p7g5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7ghm-rpc7-p7g5

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2

aliases CVE-2013-2115, GHSA-7ghm-rpc7-p7g5

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkjh-35ye-1ugj

url VCID-j5su-cnqd-6yad

vulnerability_id VCID-j5su-cnqd-6yad

summary Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0785

reference_id

reference_type

scores

value	0.17798
scoring_system	epss
scoring_elements	0.95104
published_at	2026-04-02T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95107
published_at	2026-04-07T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95105
published_at	2026-04-04T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95093
published_at	2026-04-01T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95141
published_at	2026-04-21T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95139
published_at	2026-04-18T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95136
published_at	2026-04-16T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95128
published_at	2026-04-13T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95125
published_at	2026-04-12T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95123
published_at	2026-04-11T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95118
published_at	2026-04-09T12:55:00Z

value	0.17798
scoring_system	epss
scoring_elements	0.95114
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364

reference_url

http://struts.apache.org/docs/s2-029.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-029.html

reference_url

https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066

reference_url

https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271

reference_url	http://www.securityfocus.com/bid/85066
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85066

reference_url	http://www.securitytracker.com/id/1035271
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035271

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1326720
reference_id	1326720
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1326720

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0785

reference_id

CVE-2016-0785

reference_type

scores

value	9.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0785

reference_url

https://github.com/advisories/GHSA-876p-4wgc-75rx

reference_id

GHSA-876p-4wgc-75rx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-876p-4wgc-75rx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3

url pkg:maven/org.apache.struts/struts2-core@2.3.24.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3

url pkg:maven/org.apache.struts/struts2-core@2.3.28

purl pkg:maven/org.apache.struts/struts2-core@2.3.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28

aliases CVE-2016-0785, GHSA-876p-4wgc-75rx

risk_score 4.0

exploitability 0.5

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5su-cnqd-6yad

url VCID-j8jv-hzsy-nyec

vulnerability_id VCID-j8jv-hzsy-nyec

summary

Apache Struts is Vulnerable to DoS via File Leak
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64775

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41176
published_at	2026-04-21T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41248
published_at	2026-04-18T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41199
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41274
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41249
published_at	2026-04-08T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41277
published_at	2026-04-16T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41233
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41247
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41278
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41245
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41257
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64775

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:22:57Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/12/01/2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/12/01/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418059
reference_id	2418059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418059

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64775

reference_id

CVE-2025-64775

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64775

reference_url

https://github.com/advisories/GHSA-xx7v-hqxh-cjr9

reference_id

GHSA-xx7v-hqxh-cjr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xx7v-hqxh-cjr9

fixed_packages

url	pkg:maven/org.apache.struts/struts2-core@6.8.0
purl	pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0

url	pkg:maven/org.apache.struts/struts2-core@7.1.1
purl	pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1

aliases CVE-2025-64775, GHSA-xx7v-hqxh-cjr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8jv-hzsy-nyec

url VCID-k6mz-k1yb-4uej

vulnerability_id VCID-k6mz-k1yb-4uej

summary

CSRF protection bypass
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4386

reference_id

reference_type

scores

value	0.03235
scoring_system	epss
scoring_elements	0.87045
published_at	2026-04-07T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87065
published_at	2026-04-08T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87096
published_at	2026-04-18T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87092
published_at	2026-04-21T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87076
published_at	2026-04-13T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87081
published_at	2026-04-12T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87022
published_at	2026-04-01T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87086
published_at	2026-04-11T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87033
published_at	2026-04-02T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87073
published_at	2026-04-09T12:55:00Z

value	0.03235
scoring_system	epss
scoring_elements	0.87052
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4386

reference_url	http://secunia.com/advisories/50420
reference_id
reference_type
scores
url	http://secunia.com/advisories/50420

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78182

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78182

reference_url

https://issues.apache.org/jira/browse/WW-3858

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-3858

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4386

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4386

reference_url

http://struts.apache.org/2.x/docs/s2-010.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-010.html

reference_url	http://struts.apache.org/docs/s2-010.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-010.html

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/4

reference_url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/01/5

reference_url	http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/55346

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url

https://github.com/advisories/GHSA-2rvh-q539-q33v

reference_id

GHSA-2rvh-q539-q33v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rvh-q539-q33v

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.4.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1

aliases CVE-2012-4386, GHSA-2rvh-q539-q33v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6mz-k1yb-4uej

url VCID-kdsa-599r-eud7

vulnerability_id VCID-kdsa-599r-eud7

summary The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045

reference_url

http://jvn.jp/en/jp/JVN19294237/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN19294237/index.html

reference_url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_id

reference_type

scores

value	0.93134
scoring_system	epss
scoring_elements	0.99796
published_at	2026-04-13T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99795
published_at	2026-04-08T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99794
published_at	2026-04-04T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99799
published_at	2026-04-21T12:55:00Z

value	0.93134
scoring_system	epss
scoring_elements	0.99798
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0094

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f

reference_url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62

reference_url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147

reference_url	http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-021.html

reference_url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/release/2.3.x/docs/s2-020.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21676706

reference_url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm

reference_url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0007.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id	1073716
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1073716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_id

CVE-2014-0094

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0094

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id	CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb

reference_url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id	CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb

reference_url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

reference_id

GHSA-vrwc-qjmw-5rjm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vrwc-qjmw-5rjm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.16.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2

aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7

url VCID-p9xh-frm5-8ucp

vulnerability_id VCID-p9xh-frm5-8ucp

summary The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1831

reference_id

reference_type

scores

value	0.04514
scoring_system	epss
scoring_elements	0.89158
published_at	2026-04-21T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89144
published_at	2026-04-09T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89155
published_at	2026-04-11T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89151
published_at	2026-04-12T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89149
published_at	2026-04-13T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89161
published_at	2026-04-18T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89096
published_at	2026-04-01T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89104
published_at	2026-04-02T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89119
published_at	2026-04-04T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89121
published_at	2026-04-07T12:55:00Z

value	0.04514
scoring_system	epss
scoring_elements	0.89139
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1831

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-1831

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-1831

reference_url

https://struts.apache.org/docs/s2-024.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-024.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1222515
reference_id	1222515
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1222515

reference_url

https://github.com/advisories/GHSA-q2cg-xf9p-h457

reference_id

GHSA-q2cg-xf9p-h457

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q2cg-xf9p-h457

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.20.1

purl pkg:maven/org.apache.struts/struts2-core@2.3.20.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-7fgd-jnfe-gkhp

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-czjh-bpfk-3yh6

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-sf53-bgb2-7ue2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.1

aliases CVE-2015-1831, GHSA-q2cg-xf9p-h457

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9xh-frm5-8ucp

url VCID-skbn-jggt-uffg

vulnerability_id VCID-skbn-jggt-uffg

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6682

reference_id

reference_type

scores

value	0.0143
scoring_system	epss
scoring_elements	0.80685
published_at	2026-04-21T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80595
published_at	2026-04-01T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80603
published_at	2026-04-02T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80625
published_at	2026-04-04T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80619
published_at	2026-04-07T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80646
published_at	2026-04-08T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80656
published_at	2026-04-09T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80672
published_at	2026-04-11T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80659
published_at	2026-04-12T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80651
published_at	2026-04-13T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.8068
published_at	2026-04-16T12:55:00Z

value	0.0143
scoring_system	epss
scoring_elements	0.80682
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6682

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6

reference_url

https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb

reference_url

https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486

reference_url

https://issues.apache.org/struts/browse/WW-2414

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/struts/browse/WW-2414

reference_url

https://issues.apache.org/struts/browse/WW-2427

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/struts/browse/WW-2427

reference_url

https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html

reference_url

https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html

reference_url

https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-6682

reference_id

CVE-2008-6682

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-6682

reference_url

https://github.com/advisories/GHSA-jgcr-9c2q-rvp8

reference_id

GHSA-jgcr-9c2q-rvp8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jgcr-9c2q-rvp8

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.0.11.1

purl pkg:maven/org.apache.struts/struts2-core@2.0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.1

url pkg:maven/org.apache.struts/struts2-core@2.1.1

purl pkg:maven/org.apache.struts/struts2-core@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bgbt-j1n9-6yg5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.1

aliases CVE-2008-6682, GHSA-jgcr-9c2q-rvp8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skbn-jggt-uffg

url VCID-tgd1-s1yg-9fdt

vulnerability_id VCID-tgd1-s1yg-9fdt

summary

Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07712
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07673
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07572
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07585
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0766
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07676
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0769
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07598
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07691
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id	2428559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559

reference_url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

reference_id

GHSA-qcfc-hmrc-59x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

purl pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1

url pkg:maven/org.apache.struts/struts2-core@6.1.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1

aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt

url VCID-vkb9-11h4-dugp

vulnerability_id VCID-vkb9-11h4-dugp

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1966

reference_id

reference_type

scores

value	0.91096
scoring_system	epss
scoring_elements	0.99642
published_at	2026-04-07T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99647
published_at	2026-04-21T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99641
published_at	2026-04-04T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99643
published_at	2026-04-12T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.9964
published_at	2026-04-02T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99646
published_at	2026-04-18T12:55:00Z

value	0.91096
scoring_system	epss
scoring_elements	0.99644
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1966

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-013

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56

reference_url

http://struts.apache.org/development/2.x/docs/s2-013.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-013.html

reference_url	http://struts.apache.org/docs/s2-013.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-013.html

reference_url	http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-014.html

reference_url	http://www.securityfocus.com/bid/60166
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/60166

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1966

reference_id

CVE-2013-1966

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1966

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
reference_id	CVE-2013-2115;OSVDB-93645;CVE-2013-1966
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb

reference_url

https://github.com/advisories/GHSA-737w-mh58-cxjp

reference_id

GHSA-737w-mh58-cxjp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-737w-mh58-cxjp

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2

aliases CVE-2013-1966, GHSA-737w-mh58-cxjp

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb9-11h4-dugp

url VCID-vnkw-9fa2-zqcm

vulnerability_id VCID-vnkw-9fa2-zqcm

summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2135

reference_id

reference_type

scores

value	0.83013
scoring_system	epss
scoring_elements	0.99247
published_at	2026-04-02T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99258
published_at	2026-04-21T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99257
published_at	2026-04-18T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99256
published_at	2026-04-12T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99255
published_at	2026-04-13T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99254
published_at	2026-04-08T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99253
published_at	2026-04-07T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.9925
published_at	2026-04-04T12:55:00Z

value	0.83013
scoring_system	epss
scoring_elements	0.99245
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2135

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-015

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0

reference_url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f

reference_url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c

reference_url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe

reference_url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3

reference_url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba

reference_url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3

reference_url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37

reference_url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1

reference_url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/development/2.x/docs/s2-015.html

reference_url	http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-015.html

reference_url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758

reference_url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

reference_url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

reference_url	http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/64758

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::
reference_id	cpe:2.3:a:apache:struts::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2135

reference_id

CVE-2013-2135

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2135

reference_url

https://github.com/advisories/GHSA-pw8r-x2qm-3h5m

reference_id

GHSA-pw8r-x2qm-3h5m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pw8r-x2qm-3h5m

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.14.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3

aliases CVE-2013-2135, GHSA-pw8r-x2qm-3h5m

risk_score 10.0

exploitability 2.0

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkw-9fa2-zqcm

url VCID-ygbu-vb2t-jqhx

vulnerability_id VCID-ygbu-vb2t-jqhx

summary Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4436

reference_id

reference_type

scores

value	0.05743
scoring_system	epss
scoring_elements	0.90416
published_at	2026-04-02T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90428
published_at	2026-04-04T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90413
published_at	2026-04-01T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90465
published_at	2026-04-21T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90467
published_at	2026-04-18T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90468
published_at	2026-04-16T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.9046
published_at	2026-04-12T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90461
published_at	2026-04-11T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90453
published_at	2026-04-13T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90447
published_at	2026-04-08T12:55:00Z

value	0.05743
scoring_system	epss
scoring_elements	0.90433
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4436

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5

reference_url

https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4436

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4436

reference_url

https://struts.apache.org/docs/s2-035.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-035.html

reference_url

https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280

reference_url	https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/
reference_id
reference_type
scores
url	https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/

reference_url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1348233
reference_id	1348233
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1348233

reference_url

https://github.com/advisories/GHSA-xm92-v2mq-842q

reference_id

GHSA-xm92-v2mq-842q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xm92-v2mq-842q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.29

purl pkg:maven/org.apache.struts/struts2-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29

url pkg:maven/org.apache.struts/struts2-core@2.5.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-5qtg-djvn-97ht

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1

aliases CVE-2016-4436, GHSA-xm92-v2mq-842q

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygbu-vb2t-jqhx

url VCID-zxww-8kb3-tufv

vulnerability_id VCID-zxww-8kb3-tufv

summary

Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_id

reference_type

scores

value	0.0778
scoring_system	epss
scoring_elements	0.91976
published_at	2026-04-21T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91924
published_at	2026-04-01T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91932
published_at	2026-04-02T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.9194
published_at	2026-04-04T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91946
published_at	2026-04-07T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91959
published_at	2026-04-08T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91964
published_at	2026-04-09T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91967
published_at	2026-04-11T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91966
published_at	2026-04-12T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91963
published_at	2026-04-13T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91982
published_at	2026-04-16T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91979
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url