Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts.xwork/xwork-core@2.2.3
Typemaven
Namespaceorg.apache.struts.xwork
Namexwork-core
Version2.2.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-6241-shkt-s7ew
vulnerability_id VCID-6241-shkt-s7ew
summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
reference_id
reference_type
scores
0
value 0.91526
scoring_system epss
scoring_elements 0.99671
published_at 2026-04-09T12:55:00Z
1
value 0.91526
scoring_system epss
scoring_elements 0.99675
published_at 2026-04-21T12:55:00Z
2
value 0.91526
scoring_system epss
scoring_elements 0.99674
published_at 2026-04-18T12:55:00Z
3
value 0.91526
scoring_system epss
scoring_elements 0.99673
published_at 2026-04-16T12:55:00Z
4
value 0.91526
scoring_system epss
scoring_elements 0.99672
published_at 2026-04-13T12:55:00Z
5
value 0.92052
scoring_system epss
scoring_elements 0.99699
published_at 2026-04-02T12:55:00Z
6
value 0.92052
scoring_system epss
scoring_elements 0.99701
published_at 2026-04-07T12:55:00Z
7
value 0.92052
scoring_system epss
scoring_elements 0.997
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url http://security.gentoo.org/glsa/glsa-201409-04.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-201409-04.xml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
5
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
6
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
7
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
9
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
10
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
12
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
14
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
15
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
16
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
17
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
18
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
19
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
20
reference_url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
21
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
22
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
23
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
24
reference_url http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60346
25
reference_url http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64758
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
reference_id CVE-2013-2134
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
28
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
29
reference_url https://www.securityfocus.com/bid/60345/info
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://www.securityfocus.com/bid/60345/info
30
reference_url https://github.com/advisories/GHSA-gqqm-564f-vvxq
reference_id GHSA-gqqm-564f-vvxq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqqm-564f-vvxq
31
reference_url https://security.gentoo.org/glsa/201409-04
reference_id GLSA-201409-04
reference_type
scores
url https://security.gentoo.org/glsa/201409-04
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kdsa-599r-eud7
1
vulnerability VCID-p9xh-frm5-8ucp
2
vulnerability VCID-tgd1-s1yg-9fdt
3
vulnerability VCID-ufcq-57q9-53c7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
aliases CVE-2013-2134, GHSA-gqqm-564f-vvxq
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-shkt-s7ew
1
url VCID-gv5f-auvz-5fda
vulnerability_id VCID-gv5f-auvz-5fda
summary The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0393
reference_id
reference_type
scores
0
value 0.58542
scoring_system epss
scoring_elements 0.98214
published_at 2026-04-21T12:55:00Z
1
value 0.58542
scoring_system epss
scoring_elements 0.98216
published_at 2026-04-18T12:55:00Z
2
value 0.58542
scoring_system epss
scoring_elements 0.98215
published_at 2026-04-16T12:55:00Z
3
value 0.58542
scoring_system epss
scoring_elements 0.98209
published_at 2026-04-13T12:55:00Z
4
value 0.58542
scoring_system epss
scoring_elements 0.98207
published_at 2026-04-09T12:55:00Z
5
value 0.58542
scoring_system epss
scoring_elements 0.98206
published_at 2026-04-08T12:55:00Z
6
value 0.58542
scoring_system epss
scoring_elements 0.98201
published_at 2026-04-07T12:55:00Z
7
value 0.58542
scoring_system epss
scoring_elements 0.982
published_at 2026-04-04T12:55:00Z
8
value 0.58542
scoring_system epss
scoring_elements 0.98193
published_at 2026-04-01T12:55:00Z
9
value 0.58542
scoring_system epss
scoring_elements 0.98196
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0393
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
6
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-008.html
7
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/version-notes-2311.html
8
reference_url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
9
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
10
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
reference_id
reference_type
scores
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
11
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/18329
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773164
reference_id 773164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773164
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0393
reference_id CVE-2012-0393
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0393
14
reference_url https://github.com/advisories/GHSA-hxqq-w4mr-mc62
reference_id GHSA-hxqq-w4mr-mc62
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxqq-w4mr-mc62
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-hkjh-35ye-1ugj
2
vulnerability VCID-kdsa-599r-eud7
3
vulnerability VCID-p9xh-frm5-8ucp
4
vulnerability VCID-q96z-v3bs-k3dg
5
vulnerability VCID-tgd1-s1yg-9fdt
6
vulnerability VCID-ufcq-57q9-53c7
7
vulnerability VCID-vkb9-11h4-dugp
8
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
aliases CVE-2012-0393, GHSA-hxqq-w4mr-mc62
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5f-auvz-5fda
2
url VCID-hkjh-35ye-1ugj
vulnerability_id VCID-hkjh-35ye-1ugj
summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
reference_id
reference_type
scores
0
value 0.87487
scoring_system epss
scoring_elements 0.99454
published_at 2026-04-01T12:55:00Z
1
value 0.8761
scoring_system epss
scoring_elements 0.99469
published_at 2026-04-21T12:55:00Z
2
value 0.8761
scoring_system epss
scoring_elements 0.99468
published_at 2026-04-16T12:55:00Z
3
value 0.8761
scoring_system epss
scoring_elements 0.99465
published_at 2026-04-13T12:55:00Z
4
value 0.8761
scoring_system epss
scoring_elements 0.99464
published_at 2026-04-11T12:55:00Z
5
value 0.8761
scoring_system epss
scoring_elements 0.99463
published_at 2026-04-09T12:55:00Z
6
value 0.8761
scoring_system epss
scoring_elements 0.99462
published_at 2026-04-08T12:55:00Z
7
value 0.8761
scoring_system epss
scoring_elements 0.99461
published_at 2026-04-07T12:55:00Z
8
value 0.8761
scoring_system epss
scoring_elements 0.99459
published_at 2026-04-04T12:55:00Z
9
value 0.8761
scoring_system epss
scoring_elements 0.99457
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-014
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-014
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
7
reference_url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
8
reference_url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
9
reference_url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
10
reference_url https://issues.apache.org/jira/browse/WW-4063
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4063
11
reference_url http://struts.apache.org/development/2.x/docs/s2-014.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-014.html
12
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
13
reference_url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
14
reference_url http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60167
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
reference_id CVE-2013-2115
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
17
reference_url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
reference_id GHSA-7ghm-rpc7-p7g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-kdsa-599r-eud7
2
vulnerability VCID-p9xh-frm5-8ucp
3
vulnerability VCID-tgd1-s1yg-9fdt
4
vulnerability VCID-ufcq-57q9-53c7
5
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
aliases CVE-2013-2115, GHSA-7ghm-rpc7-p7g5
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkjh-35ye-1ugj
3
url VCID-kdsa-599r-eud7
vulnerability_id VCID-kdsa-599r-eud7
summary The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
1
reference_url http://jvn.jp/en/jp/JVN19294237/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN19294237/index.html
2
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
reference_id
reference_type
scores
0
value 0.93134
scoring_system epss
scoring_elements 0.99796
published_at 2026-04-13T12:55:00Z
1
value 0.93134
scoring_system epss
scoring_elements 0.99795
published_at 2026-04-08T12:55:00Z
2
value 0.93134
scoring_system epss
scoring_elements 0.99794
published_at 2026-04-04T12:55:00Z
3
value 0.93134
scoring_system epss
scoring_elements 0.99799
published_at 2026-04-21T12:55:00Z
4
value 0.93134
scoring_system epss
scoring_elements 0.99798
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
7
reference_url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
8
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
9
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
10
reference_url http://struts.apache.org/release/2.3.x/docs/s2-020.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-020.html
11
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
12
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
13
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
14
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
15
reference_url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
16
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id 1073716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
reference_id CVE-2014-0094
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
20
reference_url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
22
reference_url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
reference_id GHSA-vrwc-qjmw-5rjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p9xh-frm5-8ucp
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-ufcq-57q9-53c7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.16.2
aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7
4
url VCID-nmgp-r7hb-5ke1
vulnerability_id VCID-nmgp-r7hb-5ke1
summary The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0391
reference_id
reference_type
scores
0
value 0.88319
scoring_system epss
scoring_elements 0.99499
published_at 2026-04-21T12:55:00Z
1
value 0.88319
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-12T12:55:00Z
2
value 0.88319
scoring_system epss
scoring_elements 0.99494
published_at 2026-04-13T12:55:00Z
3
value 0.88319
scoring_system epss
scoring_elements 0.99493
published_at 2026-04-09T12:55:00Z
4
value 0.88319
scoring_system epss
scoring_elements 0.99492
published_at 2026-04-07T12:55:00Z
5
value 0.88319
scoring_system epss
scoring_elements 0.99498
published_at 2026-04-18T12:55:00Z
6
value 0.88319
scoring_system epss
scoring_elements 0.9949
published_at 2026-04-04T12:55:00Z
7
value 0.88319
scoring_system epss
scoring_elements 0.99488
published_at 2026-04-02T12:55:00Z
8
value 0.88319
scoring_system epss
scoring_elements 0.99497
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0391
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
6
reference_url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
7
reference_url https://issues.apache.org/jira/browse/WW-3668
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url https://issues.apache.org/jira/browse/WW-3668
8
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://struts.apache.org/2.x/docs/s2-008.html
9
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://struts.apache.org/2.x/docs/version-notes-2311.html
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391
11
reference_url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
12
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://www.exploit-db.com/exploits/18329
13
reference_url http://secunia.com/advisories/47393
reference_id 47393
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/
url http://secunia.com/advisories/47393
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773159
reference_id 773159
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773159
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0391
reference_id CVE-2012-0391
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0391
16
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb
reference_id CVE-2012-0391;OSVDB-78277
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb
17
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt
reference_id CVE-2012-0394;CVE-2012-0393;CVE-2012-0392;CVE-2012-0391;OSVDB-78277;OSVDB-78276;OSVDB-78109;OSVDB-78108
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt
18
reference_url https://github.com/advisories/GHSA-4wrr-9h5r-m92w
reference_id GHSA-4wrr-9h5r-m92w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4wrr-9h5r-m92w
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-hkjh-35ye-1ugj
2
vulnerability VCID-kdsa-599r-eud7
3
vulnerability VCID-p9xh-frm5-8ucp
4
vulnerability VCID-q96z-v3bs-k3dg
5
vulnerability VCID-tgd1-s1yg-9fdt
6
vulnerability VCID-ufcq-57q9-53c7
7
vulnerability VCID-vkb9-11h4-dugp
8
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
aliases CVE-2012-0391, GHSA-4wrr-9h5r-m92w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmgp-r7hb-5ke1
5
url VCID-p9xh-frm5-8ucp
vulnerability_id VCID-p9xh-frm5-8ucp
summary The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1831
reference_id
reference_type
scores
0
value 0.04514
scoring_system epss
scoring_elements 0.89158
published_at 2026-04-21T12:55:00Z
1
value 0.04514
scoring_system epss
scoring_elements 0.89144
published_at 2026-04-09T12:55:00Z
2
value 0.04514
scoring_system epss
scoring_elements 0.89155
published_at 2026-04-11T12:55:00Z
3
value 0.04514
scoring_system epss
scoring_elements 0.89151
published_at 2026-04-12T12:55:00Z
4
value 0.04514
scoring_system epss
scoring_elements 0.89149
published_at 2026-04-13T12:55:00Z
5
value 0.04514
scoring_system epss
scoring_elements 0.89161
published_at 2026-04-18T12:55:00Z
6
value 0.04514
scoring_system epss
scoring_elements 0.89096
published_at 2026-04-01T12:55:00Z
7
value 0.04514
scoring_system epss
scoring_elements 0.89104
published_at 2026-04-02T12:55:00Z
8
value 0.04514
scoring_system epss
scoring_elements 0.89119
published_at 2026-04-04T12:55:00Z
9
value 0.04514
scoring_system epss
scoring_elements 0.89121
published_at 2026-04-07T12:55:00Z
10
value 0.04514
scoring_system epss
scoring_elements 0.89139
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1831
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1831
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1831
5
reference_url https://struts.apache.org/docs/s2-024.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-024.html
6
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1222515
reference_id 1222515
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1222515
8
reference_url https://github.com/advisories/GHSA-q2cg-xf9p-h457
reference_id GHSA-q2cg-xf9p-h457
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2cg-xf9p-h457
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
aliases CVE-2015-1831, GHSA-q2cg-xf9p-h457
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9xh-frm5-8ucp
6
url VCID-q96z-v3bs-k3dg
vulnerability_id VCID-q96z-v3bs-k3dg
summary Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
reference_id
reference_type
scores
0
value 0.07916
scoring_system epss
scoring_elements 0.92054
published_at 2026-04-21T12:55:00Z
1
value 0.07916
scoring_system epss
scoring_elements 0.92003
published_at 2026-04-01T12:55:00Z
2
value 0.07916
scoring_system epss
scoring_elements 0.92011
published_at 2026-04-02T12:55:00Z
3
value 0.07916
scoring_system epss
scoring_elements 0.92019
published_at 2026-04-04T12:55:00Z
4
value 0.07916
scoring_system epss
scoring_elements 0.92024
published_at 2026-04-07T12:55:00Z
5
value 0.07916
scoring_system epss
scoring_elements 0.92037
published_at 2026-04-08T12:55:00Z
6
value 0.07916
scoring_system epss
scoring_elements 0.9204
published_at 2026-04-13T12:55:00Z
7
value 0.07916
scoring_system epss
scoring_elements 0.92043
published_at 2026-04-11T12:55:00Z
8
value 0.07916
scoring_system epss
scoring_elements 0.92044
published_at 2026-04-12T12:55:00Z
9
value 0.07916
scoring_system epss
scoring_elements 0.92059
published_at 2026-04-16T12:55:00Z
10
value 0.07916
scoring_system epss
scoring_elements 0.92056
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
1
reference_url http://secunia.com/advisories/50420
reference_id
reference_type
scores
url http://secunia.com/advisories/50420
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
5
reference_url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
6
reference_url https://issues.apache.org/jira/browse/WW-3860
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3860
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
8
reference_url http://struts.apache.org/2.x/docs/s2-011.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-011.html
9
reference_url http://struts.apache.org/docs/s2-011.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-011.html
10
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/4
11
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/5
12
reference_url http://www.securityfocus.com/bid/55346
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55346
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*
48
reference_url https://github.com/advisories/GHSA-hrgc-54mv-58gv
reference_id GHSA-hrgc-54mv-58gv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrgc-54mv-58gv
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-hkjh-35ye-1ugj
2
vulnerability VCID-kdsa-599r-eud7
3
vulnerability VCID-p9xh-frm5-8ucp
4
vulnerability VCID-tgd1-s1yg-9fdt
5
vulnerability VCID-ufcq-57q9-53c7
6
vulnerability VCID-vkb9-11h4-dugp
7
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.4.1
aliases CVE-2012-4387, GHSA-hrgc-54mv-58gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q96z-v3bs-k3dg
7
url VCID-r28t-sdc5-kbga
vulnerability_id VCID-r28t-sdc5-kbga
summary The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0392
reference_id
reference_type
scores
0
value 0.85099
scoring_system epss
scoring_elements 0.99357
published_at 2026-04-21T12:55:00Z
1
value 0.85099
scoring_system epss
scoring_elements 0.99355
published_at 2026-04-13T12:55:00Z
2
value 0.85099
scoring_system epss
scoring_elements 0.99353
published_at 2026-04-11T12:55:00Z
3
value 0.85099
scoring_system epss
scoring_elements 0.99351
published_at 2026-04-09T12:55:00Z
4
value 0.85099
scoring_system epss
scoring_elements 0.99349
published_at 2026-04-07T12:55:00Z
5
value 0.85099
scoring_system epss
scoring_elements 0.99348
published_at 2026-04-04T12:55:00Z
6
value 0.85099
scoring_system epss
scoring_elements 0.99346
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0392
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
5
reference_url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
6
reference_url https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html
7
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-008.html
8
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/version-notes-2311.html
9
reference_url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
10
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393
11
reference_url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
reference_id
reference_type
scores
url https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/
12
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/18329
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773162
reference_id 773162
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773162
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0392
reference_id CVE-2012-0392
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0392
15
reference_url https://github.com/advisories/GHSA-2ppp-xj34-vvf7
reference_id GHSA-2ppp-xj34-vvf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ppp-xj34-vvf7
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-hkjh-35ye-1ugj
2
vulnerability VCID-kdsa-599r-eud7
3
vulnerability VCID-p9xh-frm5-8ucp
4
vulnerability VCID-q96z-v3bs-k3dg
5
vulnerability VCID-tgd1-s1yg-9fdt
6
vulnerability VCID-ufcq-57q9-53c7
7
vulnerability VCID-vkb9-11h4-dugp
8
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
aliases CVE-2012-0392, GHSA-2ppp-xj34-vvf7
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r28t-sdc5-kbga
8
url VCID-tgd1-s1yg-9fdt
vulnerability_id VCID-tgd1-s1yg-9fdt
summary 
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07712
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07615
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0764
published_at 2026-04-04T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07673
published_at 2026-04-08T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07572
published_at 2026-04-18T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07585
published_at 2026-04-16T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0766
published_at 2026-04-13T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07676
published_at 2026-04-12T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.0769
published_at 2026-04-11T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07598
published_at 2026-04-02T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07691
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-069
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/
url https://cwiki.apache.org/confluence/display/WW/S2-069
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
5
reference_url http://www.openwall.com/lists/oss-security/2026/01/11/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/11/2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id 2428559
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
7
reference_url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
reference_id GHSA-qcfc-hmrc-59x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
fixed_packages
aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt
9
url VCID-ufcq-57q9-53c7
vulnerability_id VCID-ufcq-57q9-53c7
summary The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0394.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0394
reference_id
reference_type
scores
0
value 0.92567
scoring_system epss
scoring_elements 0.99743
published_at 2026-04-21T12:55:00Z
1
value 0.92567
scoring_system epss
scoring_elements 0.99742
published_at 2026-04-18T12:55:00Z
2
value 0.92567
scoring_system epss
scoring_elements 0.99738
published_at 2026-04-02T12:55:00Z
3
value 0.92567
scoring_system epss
scoring_elements 0.99741
published_at 2026-04-13T12:55:00Z
4
value 0.92567
scoring_system epss
scoring_elements 0.99739
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0394
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58
5
reference_url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d
6
reference_url https://issues.apache.org/jira/browse/WW-3729
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3729
7
reference_url http://struts.apache.org/2.x/docs/s2-008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-008.html
8
reference_url http://struts.apache.org/2.x/docs/version-notes-2311.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/version-notes-2311.html
9
reference_url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
10
reference_url http://www.exploit-db.com/exploits/18329
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/18329
11
reference_url http://www.exploit-db.com/exploits/31434
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/31434
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=773167
reference_id 773167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=773167
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0394
reference_id CVE-2012-0394
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0394
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb
reference_id CVE-2012-0394;OSVDB-78276
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/31434.rb
15
reference_url https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
reference_id CVE-2012-0394;OSVDB-78276
reference_type exploit
scores
url https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt
16
reference_url https://github.com/advisories/GHSA-hmvj-gc9q-mg9p
reference_id GHSA-hmvj-gc9q-mg9p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmvj-gc9q-mg9p
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.18
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.18
1
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-p9xh-frm5-8ucp
2
vulnerability VCID-tgd1-s1yg-9fdt
3
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
aliases CVE-2012-0394, GHSA-hmvj-gc9q-mg9p
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ufcq-57q9-53c7
10
url VCID-vkb9-11h4-dugp
vulnerability_id VCID-vkb9-11h4-dugp
summary Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
reference_id
reference_type
scores
0
value 0.91096
scoring_system epss
scoring_elements 0.99642
published_at 2026-04-07T12:55:00Z
1
value 0.91096
scoring_system epss
scoring_elements 0.99647
published_at 2026-04-21T12:55:00Z
2
value 0.91096
scoring_system epss
scoring_elements 0.99641
published_at 2026-04-04T12:55:00Z
3
value 0.91096
scoring_system epss
scoring_elements 0.99643
published_at 2026-04-12T12:55:00Z
4
value 0.91096
scoring_system epss
scoring_elements 0.9964
published_at 2026-04-02T12:55:00Z
5
value 0.91096
scoring_system epss
scoring_elements 0.99646
published_at 2026-04-18T12:55:00Z
6
value 0.91096
scoring_system epss
scoring_elements 0.99644
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
6
reference_url http://struts.apache.org/development/2.x/docs/s2-013.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-013.html
7
reference_url http://struts.apache.org/docs/s2-013.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-013.html
8
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
9
reference_url http://www.securityfocus.com/bid/60166
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/60166
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
reference_id CVE-2013-1966
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
reference_id CVE-2013-2115;OSVDB-93645;CVE-2013-1966
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
13
reference_url https://github.com/advisories/GHSA-737w-mh58-cxjp
reference_id GHSA-737w-mh58-cxjp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-737w-mh58-cxjp
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-kdsa-599r-eud7
2
vulnerability VCID-p9xh-frm5-8ucp
3
vulnerability VCID-tgd1-s1yg-9fdt
4
vulnerability VCID-ufcq-57q9-53c7
5
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.2
aliases CVE-2013-1966, GHSA-737w-mh58-cxjp
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb9-11h4-dugp
11
url VCID-vnkw-9fa2-zqcm
vulnerability_id VCID-vnkw-9fa2-zqcm
summary Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
reference_id
reference_type
scores
0
value 0.83013
scoring_system epss
scoring_elements 0.99247
published_at 2026-04-02T12:55:00Z
1
value 0.83013
scoring_system epss
scoring_elements 0.99258
published_at 2026-04-21T12:55:00Z
2
value 0.83013
scoring_system epss
scoring_elements 0.99257
published_at 2026-04-18T12:55:00Z
3
value 0.83013
scoring_system epss
scoring_elements 0.99256
published_at 2026-04-12T12:55:00Z
4
value 0.83013
scoring_system epss
scoring_elements 0.99255
published_at 2026-04-13T12:55:00Z
5
value 0.83013
scoring_system epss
scoring_elements 0.99254
published_at 2026-04-08T12:55:00Z
6
value 0.83013
scoring_system epss
scoring_elements 0.99253
published_at 2026-04-07T12:55:00Z
7
value 0.83013
scoring_system epss
scoring_elements 0.9925
published_at 2026-04-04T12:55:00Z
8
value 0.83013
scoring_system epss
scoring_elements 0.99245
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
5
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
6
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
7
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
9
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
10
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
12
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
14
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
15
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
16
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
17
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
18
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
19
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
20
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
21
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
22
reference_url http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64758
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
reference_id CVE-2013-2135
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
25
reference_url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
reference_id GHSA-pw8r-x2qm-3h5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kdsa-599r-eud7
1
vulnerability VCID-p9xh-frm5-8ucp
2
vulnerability VCID-tgd1-s1yg-9fdt
3
vulnerability VCID-ufcq-57q9-53c7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.14.3
aliases CVE-2013-2135, GHSA-pw8r-x2qm-3h5m
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkw-9fa2-zqcm
12
url VCID-z1gf-169n-m3af
vulnerability_id VCID-z1gf-169n-m3af
summary Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
1
reference_url http://jvn.jp/en/jp/JVN79099262/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN79099262/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
reference_id
reference_type
scores
0
value 0.11109
scoring_system epss
scoring_elements 0.93486
published_at 2026-04-18T12:55:00Z
1
value 0.11109
scoring_system epss
scoring_elements 0.93481
published_at 2026-04-16T12:55:00Z
2
value 0.11109
scoring_system epss
scoring_elements 0.93461
published_at 2026-04-13T12:55:00Z
3
value 0.11109
scoring_system epss
scoring_elements 0.9346
published_at 2026-04-12T12:55:00Z
4
value 0.11109
scoring_system epss
scoring_elements 0.93455
published_at 2026-04-09T12:55:00Z
5
value 0.11109
scoring_system epss
scoring_elements 0.93451
published_at 2026-04-08T12:55:00Z
6
value 0.11109
scoring_system epss
scoring_elements 0.93492
published_at 2026-04-21T12:55:00Z
7
value 0.11109
scoring_system epss
scoring_elements 0.93443
published_at 2026-04-07T12:55:00Z
8
value 0.13997
scoring_system epss
scoring_elements 0.94304
published_at 2026-04-02T12:55:00Z
9
value 0.13997
scoring_system epss
scoring_elements 0.94295
published_at 2026-04-01T12:55:00Z
10
value 0.13997
scoring_system epss
scoring_elements 0.94315
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
6
reference_url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
7
reference_url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
8
reference_url https://issues.apache.org/jira/browse/WW-3668
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3668
9
reference_url http://struts.apache.org/2.3.1.2/docs/s2-007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.3.1.2/docs/s2-007.html
10
reference_url http://struts.apache.org/docs/s2-007.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-007.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799980
reference_id 799980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=799980
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
reference_id CVE-2012-0838
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
13
reference_url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
reference_id GHSA-mwrx-hx6x-3hhv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-hkjh-35ye-1ugj
2
vulnerability VCID-kdsa-599r-eud7
3
vulnerability VCID-p9xh-frm5-8ucp
4
vulnerability VCID-q96z-v3bs-k3dg
5
vulnerability VCID-tgd1-s1yg-9fdt
6
vulnerability VCID-ufcq-57q9-53c7
7
vulnerability VCID-vkb9-11h4-dugp
8
vulnerability VCID-vnkw-9fa2-zqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3.1
aliases CVE-2012-0838, GHSA-mwrx-hx6x-3hhv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gf-169n-m3af
Fixing_vulnerabilities
0
url VCID-fu4h-rp1z-83eq
vulnerability_id VCID-fu4h-rp1z-83eq
summary 
Exposure of Sensitive Information to an Unauthorized Actor
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2088.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2088.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2088
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74487
published_at 2026-04-21T12:55:00Z
1
value 0.00825
scoring_system epss
scoring_elements 0.74408
published_at 2026-04-07T12:55:00Z
2
value 0.00825
scoring_system epss
scoring_elements 0.7444
published_at 2026-04-08T12:55:00Z
3
value 0.00825
scoring_system epss
scoring_elements 0.74458
published_at 2026-04-09T12:55:00Z
4
value 0.00825
scoring_system epss
scoring_elements 0.7448
published_at 2026-04-11T12:55:00Z
5
value 0.00825
scoring_system epss
scoring_elements 0.7446
published_at 2026-04-12T12:55:00Z
6
value 0.00825
scoring_system epss
scoring_elements 0.74451
published_at 2026-04-13T12:55:00Z
7
value 0.00825
scoring_system epss
scoring_elements 0.74488
published_at 2026-04-16T12:55:00Z
8
value 0.00825
scoring_system epss
scoring_elements 0.74496
published_at 2026-04-18T12:55:00Z
9
value 0.00825
scoring_system epss
scoring_elements 0.74402
published_at 2026-04-01T12:55:00Z
10
value 0.00825
scoring_system epss
scoring_elements 0.74406
published_at 2026-04-02T12:55:00Z
11
value 0.00825
scoring_system epss
scoring_elements 0.74433
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2088
2
reference_url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
3
reference_url http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
reference_id
reference_type
scores
url http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
4
reference_url https://github.com/apache/struts/commit/885ab3459e146ff830d1f7257f809f4a3dd4493a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/885ab3459e146ff830d1f7257f809f4a3dd4493a
5
reference_url https://issues.apache.org/jira/browse/WW-3579
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3579
6
reference_url https://web.archive.org/web/20110726113612/http://www.ventuneac.net/security-advisories/MVSA-11-006
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110726113612/http://www.ventuneac.net/security-advisories/MVSA-11-006
7
reference_url https://web.archive.org/web/20201207174744/http://www.securityfocus.com/archive/1/518066/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207174744/http://www.securityfocus.com/archive/1/518066/100/0/threaded
8
reference_url http://www.securityfocus.com/archive/1/518066/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/518066/100/0/threaded
9
reference_url http://www.ventuneac.net/security-advisories/MVSA-11-006
reference_id
reference_type
scores
url http://www.ventuneac.net/security-advisories/MVSA-11-006
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=723829
reference_id 723829
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=723829
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:opensymphony:webwork:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:-:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:opensymphony:xwork:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:-:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:opensymphony:xwork:2.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.2.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2088
reference_id CVE-2011-2088
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2088
16
reference_url https://github.com/advisories/GHSA-9ccm-g362-2r35
reference_id GHSA-9ccm-g362-2r35
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9ccm-g362-2r35
fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.2
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.2
1
url pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6241-shkt-s7ew
1
vulnerability VCID-gv5f-auvz-5fda
2
vulnerability VCID-hkjh-35ye-1ugj
3
vulnerability VCID-kdsa-599r-eud7
4
vulnerability VCID-nmgp-r7hb-5ke1
5
vulnerability VCID-p9xh-frm5-8ucp
6
vulnerability VCID-q96z-v3bs-k3dg
7
vulnerability VCID-r28t-sdc5-kbga
8
vulnerability VCID-tgd1-s1yg-9fdt
9
vulnerability VCID-ufcq-57q9-53c7
10
vulnerability VCID-vkb9-11h4-dugp
11
vulnerability VCID-vnkw-9fa2-zqcm
12
vulnerability VCID-z1gf-169n-m3af
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3
aliases CVE-2011-2088, GHSA-9ccm-g362-2r35
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fu4h-rp1z-83eq
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.2.3