Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.5.0

Type maven

Namespace org.apache.struts

Name struts2-core

Version 2.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.8.0

Latest_non_vulnerable_version 7.1.1

Affected_by_vulnerabilities

url VCID-579w-2k2v-efa2

vulnerability_id VCID-579w-2k2v-efa2

summary In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_id

reference_type

scores

value	0.94228
scoring_system	epss
scoring_elements	0.99927
published_at	2026-04-21T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99926
published_at	2026-04-18T12:55:00Z

value	0.94228
scoring_system	epss
scoring_elements	0.99925
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12611

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa

reference_url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f

reference_url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001

reference_url

https://struts.apache.org/docs/s2-053.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-053.html

reference_url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100829

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478
reference_id	1489478
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1489478

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

102

reference_url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py

103

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
reference_id	CVE-2017-12611
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py

104

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

reference_id

CVE-2017-12611

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12611

105

reference_url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

reference_id

GHSA-8fx9-5hx8-crhm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8fx9-5hx8-crhm

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

url	pkg:maven/org.apache.struts/struts2-core@2.5.11
purl	pkg:maven/org.apache.struts/struts2-core@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-12611, GHSA-8fx9-5hx8-crhm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2

url VCID-5qtg-djvn-97ht

vulnerability_id VCID-5qtg-djvn-97ht

summary In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8738

reference_id

reference_type

scores

value	0.01107
scoring_system	epss
scoring_elements	0.78063
published_at	2026-04-02T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78075
published_at	2026-04-07T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78093
published_at	2026-04-04T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78137
published_at	2026-04-21T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78144
published_at	2026-04-18T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78145
published_at	2026-04-16T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.7811
published_at	2026-04-13T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78113
published_at	2026-04-12T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78131
published_at	2026-04-11T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78105
published_at	2026-04-09T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78101
published_at	2026-04-08T12:55:00Z

value	0.01107
scoring_system	epss
scoring_elements	0.78055
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8738

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6

reference_url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_url	https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0003/

reference_url

https://struts.apache.org/docs/s2-044.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-044.html

reference_url	http://www.securityfocus.com/bid/94657
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94657

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8738

reference_id

CVE-2016-8738

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8738

reference_url

https://github.com/advisories/GHSA-86vq-8qhc-5rqw

reference_id

GHSA-86vq-8qhc-5rqw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86vq-8qhc-5rqw

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.8

purl pkg:maven/org.apache.struts/struts2-core@2.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2016-8738, GHSA-86vq-8qhc-5rqw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qtg-djvn-97ht

url VCID-74ab-1p1c-4qbd

vulnerability_id VCID-74ab-1p1c-4qbd

summary In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6795

reference_id

reference_type

scores

value	0.05049
scoring_system	epss
scoring_elements	0.89781
published_at	2026-04-21T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89729
published_at	2026-04-01T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89733
published_at	2026-04-02T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89747
published_at	2026-04-04T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89748
published_at	2026-04-07T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89766
published_at	2026-04-08T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89772
published_at	2026-04-09T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89779
published_at	2026-04-11T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89777
published_at	2026-04-12T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89771
published_at	2026-04-13T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89786
published_at	2026-04-16T12:55:00Z

value	0.05049
scoring_system	epss
scoring_elements	0.89787
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6795

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129

reference_url

https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab

reference_url

https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14

reference_url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0003

reference_url	https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0003/

reference_url

https://struts.apache.org/docs/s2-042.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-042.html

reference_url

https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773

reference_url	http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93773

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6795

reference_id

CVE-2016-6795

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6795

reference_url

https://github.com/advisories/GHSA-44hv-jjx7-qfjg

reference_id

GHSA-44hv-jjx7-qfjg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-44hv-jjx7-qfjg

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.5

purl pkg:maven/org.apache.struts/struts2-core@2.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-5qtg-djvn-97ht

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5

aliases CVE-2016-6795, GHSA-44hv-jjx7-qfjg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74ab-1p1c-4qbd

url VCID-7c97-nj5a-hqb8

vulnerability_id VCID-7c97-nj5a-hqb8

summary

references

reference_url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_id

reference_type

scores

value	0.94267
scoring_system	epss
scoring_elements	0.99936
published_at	2026-04-04T12:55:00Z

value	0.94267
scoring_system	epss
scoring_elements	0.99937
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5638

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-045

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-046

reference_url

https://exploit-db.com/exploits/41570

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://exploit-db.com/exploits/41570

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a

reference_url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a

reference_url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228

reference_url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b

reference_url

https://github.com/mazen160/struts-pwn

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/mazen160/struts-pwn

reference_url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://github.com/rapid7/metasploit-framework/issues/8064

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us

reference_url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us

reference_url

https://isc.sans.edu/diary/22169

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://isc.sans.edu/diary/22169

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

reference_url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html

reference_url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20170310-0001

reference_url

https://struts.apache.org/docs/s2-045.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-045.html

reference_url

https://struts.apache.org/docs/s2-046.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://struts.apache.org/docs/s2-046.html

reference_url

https://support.lenovo.com/us/en/product_security/len-14200

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://support.lenovo.com/us/en/product_security/len-14200

reference_url

https://twitter.com/theog150/status/841146956135124993

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://twitter.com/theog150/status/841146956135124993

reference_url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729

reference_url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638

reference_url

https://www.exploit-db.com/exploits/41614

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/41614

reference_url

https://www.kb.cert.org/vuls/id/834067

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.kb.cert.org/vuls/id/834067

reference_url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.symantec.com/security-center/network-protection-security-advisories/SA145

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt

reference_url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url

http://www.securityfocus.com/bid/96729

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securityfocus.com/bid/96729

reference_url

http://www.securitytracker.com/id/1037973

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://www.securitytracker.com/id/1037973

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326
reference_id	1430326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1430326

reference_url

https://www.exploit-db.com/exploits/41614/

reference_id

41614

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.exploit-db.com/exploits/41614/

reference_url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_id

critical-vulnerability-under-massive-attack-imperils-high-impact-sites

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

reference_url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638

reference_url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb
reference_id	CVE-2017-5638
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_id

CVE-2017-5638

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5638

reference_url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_id

cve-2017-5638-apache-struts-vulnerability-remote-code-execution

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_id

cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/

reference_url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_id

CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2

reference_url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_id

GHSA-j77q-2qqg-6989

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-j77q-2qqg-6989

reference_url

https://security.netapp.com/advisory/ntap-20170310-0001/

reference_id

ntap-20170310-0001

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/

url

https://security.netapp.com/advisory/ntap-20170310-0001/

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.10.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1

aliases CVE-2017-5638, GHSA-j77q-2qqg-6989

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c97-nj5a-hqb8

url VCID-j8jv-hzsy-nyec

vulnerability_id VCID-j8jv-hzsy-nyec

summary

Apache Struts is Vulnerable to DoS via File Leak
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64775

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41176
published_at	2026-04-21T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41248
published_at	2026-04-18T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41199
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41274
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41249
published_at	2026-04-08T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41277
published_at	2026-04-16T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41233
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41247
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41278
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41245
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41257
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64775

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:22:57Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-068

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

http://www.openwall.com/lists/oss-security/2025/12/01/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/12/01/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418059
reference_id	2418059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418059

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64775

reference_id

CVE-2025-64775

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64775

reference_url

https://github.com/advisories/GHSA-xx7v-hqxh-cjr9

reference_id

GHSA-xx7v-hqxh-cjr9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xx7v-hqxh-cjr9

fixed_packages

url	pkg:maven/org.apache.struts/struts2-core@6.8.0
purl	pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0

url	pkg:maven/org.apache.struts/struts2-core@7.1.1
purl	pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1

aliases CVE-2025-64775, GHSA-xx7v-hqxh-cjr9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8jv-hzsy-nyec

url VCID-mdde-pa5h-w7g4

vulnerability_id VCID-mdde-pa5h-w7g4

summary In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_id

reference_type

scores

value	0.04618
scoring_system	epss
scoring_elements	0.89278
published_at	2026-04-18T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89265
published_at	2026-04-13T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89268
published_at	2026-04-12T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89272
published_at	2026-04-21T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89263
published_at	2026-04-09T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89258
published_at	2026-04-08T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89223
published_at	2026-04-02T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89217
published_at	2026-04-01T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89241
published_at	2026-04-07T12:55:00Z

value	0.04618
scoring_system	epss
scoring_elements	0.89238
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9804

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02

reference_url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a

reference_url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9

reference_url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded

reference_url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2

reference_url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a

reference_url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180629-0001

reference_url	https://security.netapp.com/advisory/ntap-20180629-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180629-0001/

reference_url

https://struts.apache.org/docs/s2-050.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-050.html

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

reference_url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612

reference_url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/100612
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100612

reference_url	http://www.securitytracker.com/id/1039261
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039261

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491
reference_id	1488491
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1488491

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.15.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.16.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_id

CVE-2017-9804

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9804

reference_url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

reference_id

GHSA-x5x7-3v85-wpc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5x7-3v85-wpc4

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2017-9804, GHSA-x5x7-3v85-wpc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdde-pa5h-w7g4

url VCID-sf53-bgb2-7ue2

vulnerability_id VCID-sf53-bgb2-7ue2

summary The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114

reference_url

http://jvn.jp/en/jp/JVN12352818/index.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN12352818/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4465

reference_id

reference_type

scores

value	0.10357
scoring_system	epss
scoring_elements	0.93198
published_at	2026-04-13T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93197
published_at	2026-04-12T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93199
published_at	2026-04-11T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93194
published_at	2026-04-09T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.9319
published_at	2026-04-08T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93178
published_at	2026-04-02T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93226
published_at	2026-04-21T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93219
published_at	2026-04-18T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93214
published_at	2026-04-16T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93181
published_at	2026-04-07T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93183
published_at	2026-04-04T12:55:00Z

value	0.10357
scoring_system	epss
scoring_elements	0.93169
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4465

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1348253

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1348253

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152

reference_url

https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9

reference_url

https://struts.apache.org/docs/s2-041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-041.html

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.securityfocus.com/bid/91278
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91278

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_id	cpe:2.3:a:apache:struts:2.5:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4465

reference_id

CVE-2016-4465

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4465

reference_url

https://github.com/advisories/GHSA-xg75-68x3-7p3q

reference_id

GHSA-xg75-68x3-7p3q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xg75-68x3-7p3q

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.1

purl pkg:maven/org.apache.struts/struts2-core@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-5qtg-djvn-97ht

vulnerability	VCID-74ab-1p1c-4qbd

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-7c97-nj5a-hqb8

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y4qu-21c9-6fav

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zkg1-bed6-bbfv

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1

url pkg:maven/org.apache.struts/struts2-core@2.5.13

purl pkg:maven/org.apache.struts/struts2-core@2.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13

aliases CVE-2016-4465, GHSA-xg75-68x3-7p3q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sf53-bgb2-7ue2

url VCID-tgd1-s1yg-9fdt

vulnerability_id VCID-tgd1-s1yg-9fdt

summary

Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07712
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07673
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07572
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07585
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0766
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07676
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0769
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07598
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07691
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id	2428559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559

reference_url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

reference_id

GHSA-qcfc-hmrc-59x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@6.1.1

purl pkg:maven/org.apache.struts/struts2-core@6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1

aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt

url VCID-y4qu-21c9-6fav

vulnerability_id VCID-y4qu-21c9-6fav

summary When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_id

reference_type

scores

value	0.08229
scoring_system	epss
scoring_elements	0.92231
published_at	2026-04-21T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92184
published_at	2026-04-01T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92191
published_at	2026-04-02T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92197
published_at	2026-04-04T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.922
published_at	2026-04-07T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92212
published_at	2026-04-08T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92215
published_at	2026-04-09T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92221
published_at	2026-04-11T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92229
published_at	2026-04-18T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.9223
published_at	2026-04-16T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92222
published_at	2026-04-12T12:55:00Z

value	0.08229
scoring_system	epss
scoring_elements	0.92218
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9787

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2

reference_url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9

reference_url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_url	https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0002/

reference_url

http://struts.apache.org/docs/s2-049.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-049.html

reference_url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115

reference_url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/99562
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99562

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608
reference_id	1480608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480608

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_id

CVE-2017-9787

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9787

reference_url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

reference_id

GHSA-8mr5-h28g-36qx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mr5-h28g-36qx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-9787, GHSA-8mr5-h28g-36qx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4qu-21c9-6fav

url VCID-zkg1-bed6-bbfv

vulnerability_id VCID-zkg1-bed6-bbfv

summary If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7672

reference_id

reference_type

scores

value	0.01346
scoring_system	epss
scoring_elements	0.80102
published_at	2026-04-21T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.801
published_at	2026-04-18T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80072
published_at	2026-04-13T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8008
published_at	2026-04-12T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80096
published_at	2026-04-11T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80076
published_at	2026-04-09T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80028
published_at	2026-04-02T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80021
published_at	2026-04-01T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.80068
published_at	2026-04-08T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8004
published_at	2026-04-07T12:55:00Z

value	0.01346
scoring_system	epss
scoring_elements	0.8005
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7672

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b

reference_url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180706-0002

reference_url	https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180706-0002/

reference_url

http://struts.apache.org/docs/s2-047.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/docs/s2-047.html

reference_url

https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114

reference_url

https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html

reference_url	http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99563

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480614
reference_id	1480614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480614

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7672

reference_id

CVE-2017-7672

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7672

reference_url

https://github.com/advisories/GHSA-9gp7-jvm2-r4mx

reference_id

GHSA-9gp7-jvm2-r4mx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9gp7-jvm2-r4mx

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.5.12

purl pkg:maven/org.apache.struts/struts2-core@2.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-mdde-pa5h-w7g4

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12

aliases CVE-2017-7672, GHSA-9gp7-jvm2-r4mx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkg1-bed6-bbfv

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.0

Package Instance