Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.5.8

Type maven

Namespace org.apache.struts

Name struts2-core

Version 2.5.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.8.0

Latest_non_vulnerable_version 7.1.1

Affected_by_vulnerabilities

url VCID-3yq7-n972-j7dh

vulnerability_id VCID-3yq7-n972-j7dh

summary

Improperly Controlled Modification of Dynamically-Determined Object Attributes
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_id

reference_type

scores

value	0.93727
scoring_system	epss
scoring_elements	0.99848
published_at	2026-04-01T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99851
published_at	2026-04-18T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.9985
published_at	2026-04-08T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99849
published_at	2026-04-04T12:55:00Z

value	0.93727
scoring_system	epss
scoring_elements	0.99852
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0230

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-059

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://launchpad.support.sap.com/#/notes/2982840

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://launchpad.support.sap.com/#/notes/2982840

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672
reference_id	1869672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869672

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py
reference_id	CVE-2019-0230
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_id

CVE-2019-0230

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0230

reference_url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

reference_id

GHSA-wp4h-pvgw-5727

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wp4h-pvgw-5727

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2019-0230, GHSA-wp4h-pvgw-5727

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh

url VCID-579w-2k2v-efa2

vulnerability_id VCID-579w-2k2v-efa2

summary In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_id

reference_type

scores

value	0.94228
scoring_system	epss
scoring_elements	0.99927
published_at	2026-04-16T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99926
published_at	2026-04-18T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99925
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_url

https://struts.apache.org/docs/s2-053.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-053.html

reference_url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100829

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478
reference_id	1489478
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

102

reference_url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py

103

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py

104

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

reference_id

CVE-2017-12611

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

105

reference_url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

reference_id

GHSA-8fx9-5hx8-crhm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

url	pkg:maven/org.apache.struts/struts2-core@2.5.11
purl	pkg:maven/org.apache.struts/struts2-core@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-12611, GHSA-8fx9-5hx8-crhm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2

url VCID-79j9-v8gz-rfax

vulnerability_id VCID-79j9-v8gz-rfax

summary

Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

references

reference_url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://jvn.jp/en/jp/JVN43969166/index.html

reference_url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_id

reference_type

scores

value	0.94376
scoring_system	epss
scoring_elements	0.99967
published_at	2026-04-13T12:55:00Z

value	0.94376
scoring_system	epss
scoring_elements	0.99968
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-17530

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210115-0005

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id	1905645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1905645

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_id

CVE-2020-17530

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

reference_url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_id

GHSA-jc35-q369-45pv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jc35-q369-45pv

reference_url

https://security.netapp.com/advisory/ntap-20210115-0005/

reference_id

ntap-20210115-0005

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/

url

https://security.netapp.com/advisory/ntap-20210115-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.26

purl pkg:maven/org.apache.struts/struts2-core@2.5.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26

aliases CVE-2020-17530, GHSA-jc35-q369-45pv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax

url VCID-7c97-nj5a-hqb8

vulnerability_id VCID-7c97-nj5a-hqb8

summary

references

reference_url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_id

reference_type

scores

value	0.94267
scoring_system	epss
scoring_elements	0.99936
published_at	2026-04-04T12:55:00Z

value	0.94267
scoring_system	epss
scoring_elements	0.99937
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_url

https://exploit-db.com/exploits/41570

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://exploit-db.com/exploits/41570

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_url

https://github.com/mazen160/struts-pwn

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/mazen160/struts-pwn

reference_url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_url

https://isc.sans.edu/diary/22169

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://isc.sans.edu/diary/22169

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_url

https://struts.apache.org/docs/s2-045.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-045.html

reference_url

https://struts.apache.org/docs/s2-046.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-046.html

reference_url

https://support.lenovo.com/us/en/product_security/len-14200

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://support.lenovo.com/us/en/product_security/len-14200

reference_url

https://twitter.com/theog150/status/841146956135124993

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://twitter.com/theog150/status/841146956135124993

reference_url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_url

https://www.exploit-db.com/exploits/41614

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/41614

reference_url

https://www.kb.cert.org/vuls/id/834067

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.kb.cert.org/vuls/id/834067

reference_url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url

http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securityfocus.com/bid/96729

reference_url

http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securitytracker.com/id/1037973

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326
reference_id	1430326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326

reference_url

https://www.exploit-db.com/exploits/41614/

reference_id

41614

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.exploit-db.com/exploits/41614/

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_id

critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638

reference_url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_id

CVE-2017-5638

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_id

cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_id

cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_id

CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_id

GHSA-j77q-2qqg-6989

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001/

reference_id

ntap-20170310-0001

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://security.netapp.com/advisory/ntap-20170310-0001/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

aliases CVE-2017-5638, GHSA-j77q-2qqg-6989

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c97-nj5a-hqb8

url VCID-87fh-rvvb-6ubq

vulnerability_id VCID-87fh-rvvb-6ubq

summary

Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53677

reference_id

reference_type

scores

value	0.91785
scoring_system	epss
scoring_elements	0.99684
published_at	2026-04-02T12:55:00Z

value	0.91785
scoring_system	epss
scoring_elements	0.99685
published_at	2026-04-04T12:55:00Z

value	0.91785
scoring_system	epss
scoring_elements	0.99686
published_at	2026-04-07T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99788
published_at	2026-04-08T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99789
published_at	2026-04-13T12:55:00Z

value	0.93053
scoring_system	epss
scoring_elements	0.99791
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53677

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-067

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-067

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854

reference_url

https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78

reference_url

https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53677

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53677

reference_url

https://security.netapp.com/advisory/ntap-20250103-0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250103-0005

reference_url

https://struts.apache.org/core-developers/file-upload

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/core-developers/file-upload

reference_url

https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id	2331686
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331686

reference_url

https://github.com/advisories/GHSA-43mq-6xmg-29vm

reference_id

GHSA-43mq-6xmg-29vm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43mq-6xmg-29vm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@6.4.0

purl pkg:maven/org.apache.struts/struts2-core@6.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95ts-vpk6-uubg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0

aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq

url VCID-95ts-vpk6-uubg

vulnerability_id VCID-95ts-vpk6-uubg

summary

Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31685
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31628
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31599
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31729
published_at	2026-04-04T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40748
published_at	2026-04-18T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40786
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40752
published_at	2026-04-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40733
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40778
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66675

reference_url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cve.org/CVERecord?id=CVE-2025-64775

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_id

CVE-2025-66675

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66675

reference_url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

reference_id

GHSA-rg58-xhh7-mqjw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rg58-xhh7-mqjw

fixed_packages

url	pkg:maven/org.apache.struts/struts2-core@6.8.0
purl	pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0

url	pkg:maven/org.apache.struts/struts2-core@7.1.1
purl	pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1

aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg

url VCID-b7zy-qhz9-tuar

vulnerability_id VCID-b7zy-qhz9-tuar

summary

Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34149

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19623
published_at	2026-04-04T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19344
published_at	2026-04-07T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19577
published_at	2026-04-02T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19474
published_at	2026-04-09T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19422
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20662
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2055
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20553
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20567
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2062
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34149

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-063

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-063

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_url

http://www.openwall.com/lists/oss-security/2023/06/14/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

http://www.openwall.com/lists/oss-security/2023/06/14/2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34149

reference_id

CVE-2023-34149

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34149

reference_url

https://github.com/advisories/GHSA-8f6x-v685-g2xc

reference_id

GHSA-8f6x-v685-g2xc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8f6x-v685-g2xc

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005/

reference_id

ntap-20230706-0005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/

url

https://security.netapp.com/advisory/ntap-20230706-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.31

purl pkg:maven/org.apache.struts/struts2-core@2.5.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31

url pkg:maven/org.apache.struts/struts2-core@6.1.2.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1

aliases CVE-2023-34149, GHSA-8f6x-v685-g2xc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar

url VCID-bgbt-j1n9-6yg5

vulnerability_id VCID-bgbt-j1n9-6yg5

summary The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_id

reference_type

scores

value	0.0622
scoring_system	epss
scoring_elements	0.90902
published_at	2026-04-18T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90905
published_at	2026-04-16T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.9088
published_at	2026-04-13T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90881
published_at	2026-04-12T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90872
published_at	2026-04-09T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90866
published_at	2026-04-08T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90854
published_at	2026-04-07T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90844
published_at	2026-04-04T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90833
published_at	2026-04-02T12:55:00Z

value	0.0622
scoring_system	epss
scoring_elements	0.90828
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1327

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-056

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa

reference_url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4

reference_url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323

reference_url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180330-0001

reference_url	https://security.netapp.com/advisory/ntap-20180330-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180330-0001/

reference_url	https://struts.apache.org/docs/s2-056.html
reference_id
reference_type
scores
url	https://struts.apache.org/docs/s2-056.html

reference_url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516

reference_url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103516

reference_url	http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040575

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007
reference_id	1561007
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561007

reference_url	https://access.redhat.com/security/cve/CVE-2018-1327
reference_id	CVE-2018-1327
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2018-1327

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_id

CVE-2018-1327

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1327

reference_url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

reference_id

GHSA-38cr-2ph5-frr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-38cr-2ph5-frr9

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.16

purl pkg:maven/org.apache.struts/struts2-core@2.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16

aliases CVE-2018-1327, GHSA-38cr-2ph5-frr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5

url VCID-cm62-bsdz-yye2

vulnerability_id VCID-cm62-bsdz-yye2

summary Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

references

reference_url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_id

reference_type

scores

value	0.94431
scoring_system	epss
scoring_elements	0.99985
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b

reference_url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72

reference_url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d

reference_url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_url

https://www.exploit-db.com/exploits/45260

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45260

reference_url

https://www.exploit-db.com/exploits/45262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45262

reference_url

https://www.exploit-db.com/exploits/45367

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45367

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url

http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securityfocus.com/bid/105125

reference_url

http://www.securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securitytracker.com/id/1041547

reference_url

http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

http://www.securitytracker.com/id/1041888

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1620019
reference_id	1620019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1620019

reference_url

https://www.exploit-db.com/exploits/45260/

reference_id

45260

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45260/

reference_url

https://www.exploit-db.com/exploits/45262/

reference_id

45262

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45262/

reference_url

https://www.exploit-db.com/exploits/45367/

reference_id

45367

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://www.exploit-db.com/exploits/45367/

reference_url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py

reference_url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_id

CVE-2018-11776

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb

reference_url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_id

CVE-2018-11776-PYTHON-POC

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

reference_id

GHSA-cr6j-3jp9-rw65

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

reference_url

https://security.netapp.com/advisory/ntap-20180822-0001/

reference_id

ntap-20180822-0001

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/

url

https://security.netapp.com/advisory/ntap-20180822-0001/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.17

purl pkg:maven/org.apache.struts/struts2-core@2.5.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17

aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65

risk_score 10.0

exploitability 2.0

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm62-bsdz-yye2

url VCID-dk2f-14xj-9bf8

vulnerability_id VCID-dk2f-14xj-9bf8

summary

Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-34396

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.30099
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30232
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30281
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30194
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30159
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3147
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31404
published_at	2026-04-18T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31425
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31391
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31428
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-34396

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-064

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-064

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_2_5_31

reference_url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230706-0005

reference_url

http://www.openwall.com/lists/oss-security/2023/06/14/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

http://www.openwall.com/lists/oss-security/2023/06/14/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34396

reference_id

CVE-2023-34396

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34396

reference_url

https://github.com/advisories/GHSA-4g42-gqrg-4633

reference_id

GHSA-4g42-gqrg-4633

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4g42-gqrg-4633

reference_url

https://security.netapp.com/advisory/ntap-20230706-0005/

reference_id

ntap-20230706-0005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/

url

https://security.netapp.com/advisory/ntap-20230706-0005/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.31

purl pkg:maven/org.apache.struts/struts2-core@2.5.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31

url pkg:maven/org.apache.struts/struts2-core@6.1.2.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1

aliases CVE-2023-34396, GHSA-4g42-gqrg-4633

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8

url VCID-gfxq-vtry-bqgg

vulnerability_id VCID-gfxq-vtry-bqgg

summary

Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

references

reference_url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_id

reference_type

scores

value	0.92864
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-18T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99842
published_at	2026-04-07T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99841
published_at	2026-04-02T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99844
published_at	2026-04-13T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99843
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id	2253938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_id

CVE-2023-50164

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_url

https://github.com/advisories/GHSA-2j39-qcjm-428w

reference_id

GHSA-2j39-qcjm-428w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j39-qcjm-428w

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.33

purl pkg:maven/org.apache.struts/struts2-core@2.5.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-j8jv-hzsy-nyec

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33

url pkg:maven/org.apache.struts/struts2-core@6.3.0.2

purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2

aliases CVE-2023-50164, GHSA-2j39-qcjm-428w

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg

url VCID-hgj2-vqzn-gyeb

vulnerability_id VCID-hgj2-vqzn-gyeb

summary

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_id

reference_type

scores

value	0.93956
scoring_system	epss
scoring_elements	0.99886
published_at	2026-04-18T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99883
published_at	2026-04-07T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99885
published_at	2026-04-13T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99884
published_at	2026-04-12T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99881
published_at	2026-04-01T12:55:00Z

value	0.93956
scoring_system	epss
scoring_elements	0.99882
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31805

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-062

reference_url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220420-0001

reference_url	https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220420-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/04/12/6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id	2074788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074788

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_id

CVE-2021-31805

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31805

reference_url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

reference_id

GHSA-v8j6-6c2r-r27c

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8j6-6c2r-r27c

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.30

purl pkg:maven/org.apache.struts/struts2-core@2.5.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30

aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb

url VCID-mdde-pa5h-w7g4

vulnerability_id VCID-mdde-pa5h-w7g4

summary In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_id

reference_type

scores

value	0.04618
scoring_system	epss
scoring_elements	0.89278
published_at	2026-04-18T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89265
published_at	2026-04-13T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89268
published_at	2026-04-12T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89272
published_at	2026-04-11T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89263
published_at	2026-04-09T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89258
published_at	2026-04-08T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89223
published_at	2026-04-02T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89217
published_at	2026-04-01T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89241
published_at	2026-04-07T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89238
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02

reference_url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9

reference_url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded

reference_url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2

reference_url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a

reference_url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_url	https://security.netapp.com/advisory/ntap-20180629-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0001/

reference_url

https://struts.apache.org/docs/s2-050.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-050.html

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100612
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100612

reference_url	http://www.securitytracker.com/id/1039261
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039261

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491
reference_id	1488491
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_id

CVE-2017-9804

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

reference_id

GHSA-x5x7-3v85-wpc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2017-9804, GHSA-x5x7-3v85-wpc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdde-pa5h-w7g4

url VCID-tgd1-s1yg-9fdt

vulnerability_id VCID-tgd1-s1yg-9fdt

summary

Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07572
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07598
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07673
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07691
published_at	2026-04-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0769
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07676
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0766
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07585
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id	2428559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559

reference_url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

reference_id

GHSA-qcfc-hmrc-59x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@6.1.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1

aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt

url VCID-y4qu-21c9-6fav

vulnerability_id VCID-y4qu-21c9-6fav

summary When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_id

reference_type

scores

value	0.08229
scoring_system	epss
scoring_elements	0.92229
published_at	2026-04-18T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92184
published_at	2026-04-01T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.9223
published_at	2026-04-16T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92218
published_at	2026-04-13T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92222
published_at	2026-04-12T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92221
published_at	2026-04-11T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92215
published_at	2026-04-09T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92212
published_at	2026-04-08T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.922
published_at	2026-04-07T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92197
published_at	2026-04-04T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92191
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_url	https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0002/

reference_url

http://struts.apache.org/docs/s2-049.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-049.html

reference_url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/99562
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99562

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608
reference_id	1480608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_id

CVE-2017-9787

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

reference_id

GHSA-8mr5-h28g-36qx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-9787, GHSA-8mr5-h28g-36qx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4qu-21c9-6fav

url VCID-y5uq-a6dx-3yd4

vulnerability_id VCID-y5uq-a6dx-3yd4

summary

Unrestricted Upload of File with Dangerous Type
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1592

reference_id

reference_type

scores

value	0.00588
scoring_system	epss
scoring_elements	0.6917
published_at	2026-04-16T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69066
published_at	2026-04-01T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69178
published_at	2026-04-18T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69135
published_at	2026-04-08T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69085
published_at	2026-04-07T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69104
published_at	2026-04-04T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69082
published_at	2026-04-02T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69131
published_at	2026-04-13T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.6916
published_at	2026-04-12T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69176
published_at	2026-04-11T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69154
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1592

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76

reference_url

https://issues.apache.org/jira/browse/WW-5055

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/WW-5055

reference_url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E

reference_url

https://seclists.org/bugtraq/2012/Mar/110

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2012/Mar/110

reference_url

https://struts.apache.org/security/#internal-security-mechanism

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/security/#internal-security-mechanism

reference_url

https://www.openwall.com/lists/oss-security/2012/03/28/12

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2012/03/28/12

reference_url	http://www.openwall.com/lists/oss-security/2012/03/28/12
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/03/28/12

reference_url

https://access.redhat.com/security/cve/cve-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2012-1592

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1592

reference_url

https://security-tracker.debian.org/tracker/CVE-2012-1592

reference_id

CVE-2012-1592

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2012-1592

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml
reference_id	CVE-2012-1592;OSVDB-80547
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml

reference_url	https://www.securityfocus.com/bid/52702/info
reference_id	CVE-2012-1592;OSVDB-80547
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/52702/info

reference_url

https://github.com/advisories/GHSA-8m5q-crqq-6pmf

reference_id

GHSA-8m5q-crqq-6pmf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8m5q-crqq-6pmf

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2012-1592, GHSA-8m5q-crqq-6pmf

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uq-a6dx-3yd4

url VCID-zkg1-bed6-bbfv

vulnerability_id VCID-zkg1-bed6-bbfv

summary If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7672

reference_id

reference_type

scores

value	0.01346
scoring_system	epss
scoring_elements	0.801
published_at	2026-04-18T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80072
published_at	2026-04-13T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8008
published_at	2026-04-12T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80096
published_at	2026-04-11T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80076
published_at	2026-04-09T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80028
published_at	2026-04-02T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80021
published_at	2026-04-01T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80068
published_at	2026-04-08T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8004
published_at	2026-04-07T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8005
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7672

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b

reference_url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_url	https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0002/

reference_url

http://struts.apache.org/docs/s2-047.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-047.html

reference_url

https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114

reference_url

https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99563

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480614
reference_id	1480614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480614

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7672

reference_id

CVE-2017-7672

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7672

reference_url

https://github.com/advisories/GHSA-9gp7-jvm2-r4mx

reference_id

GHSA-9gp7-jvm2-r4mx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9gp7-jvm2-r4mx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-7672, GHSA-9gp7-jvm2-r4mx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkg1-bed6-bbfv

url VCID-zxww-8kb3-tufv

vulnerability_id VCID-zxww-8kb3-tufv

summary

Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_id

reference_type

scores

value	0.0778
scoring_system	epss
scoring_elements	0.91979
published_at	2026-04-18T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91924
published_at	2026-04-01T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91932
published_at	2026-04-02T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.9194
published_at	2026-04-04T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91946
published_at	2026-04-07T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91959
published_at	2026-04-08T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91964
published_at	2026-04-09T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91967
published_at	2026-04-11T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91966
published_at	2026-04-12T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91963
published_at	2026-04-13T12:55:00Z

value	0.0778
scoring_system	epss
scoring_elements	0.91982
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0233

reference_url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/ww/s2-060

reference_url

https://launchpad.support.sap.com/#/notes/2982840

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.support.sap.com/#/notes/2982840

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0233

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0233

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869682
reference_id	1869682
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869682

reference_url

https://github.com/advisories/GHSA-ccp5-gg58-pxfm

reference_id

GHSA-ccp5-gg58-pxfm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ccp5-gg58-pxfm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.22

purl pkg:maven/org.apache.struts/struts2-core@2.5.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22

aliases CVE-2019-0233, GHSA-ccp5-gg58-pxfm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxww-8kb3-tufv

Fixing_vulnerabilities

url VCID-5qtg-djvn-97ht

vulnerability_id VCID-5qtg-djvn-97ht

summary In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8738

reference_id

reference_type

scores

value	0.01107
scoring_system	epss
scoring_elements	0.78063
published_at	2026-04-02T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78055
published_at	2026-04-01T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78093
published_at	2026-04-04T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78144
published_at	2026-04-18T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78145
published_at	2026-04-16T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.7811
published_at	2026-04-13T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78113
published_at	2026-04-12T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78131
published_at	2026-04-11T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78105
published_at	2026-04-09T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78101
published_at	2026-04-08T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78075
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8738

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6

reference_url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_url	https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0003/

reference_url

https://struts.apache.org/docs/s2-044.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-044.html

reference_url	http://www.securityfocus.com/bid/94657
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94657

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8738

reference_id

CVE-2016-8738

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8738

reference_url

https://github.com/advisories/GHSA-86vq-8qhc-5rqw

reference_id

GHSA-86vq-8qhc-5rqw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86vq-8qhc-5rqw

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.8

purl pkg:maven/org.apache.struts/struts2-core@2.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2016-8738, GHSA-86vq-8qhc-5rqw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qtg-djvn-97ht

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8

Package Instance