Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/51620?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "type": "maven", "namespace": "org.apache.struts", "name": "struts2-core", "version": "2.3.28", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.0", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270595?format=api", "vulnerability_id": "VCID-1tfj-xmkp-bbfr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93188", "scoring_system": "epss", "scoring_elements": "0.99807", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-067", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-067" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854" }, { "reference_url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78" }, { "reference_url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0005" }, { "reference_url": "https://struts.apache.org/core-developers/file-upload", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/core-developers/file-upload" }, { "reference_url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686", "reference_id": "2331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686" }, { "reference_url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm", "reference_id": "GHSA-43mq-6xmg-29vm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187437?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0" } ], "aliases": [ "CVE-2024-53677", "GHSA-43mq-6xmg-29vm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tfj-xmkp-bbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9993?format=api", "vulnerability_id": "VCID-1xhe-mz8d-eyem", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94431", "scoring_system": "epss", "scoring_elements": "0.99986", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-057", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, 
{ "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-057" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b" }, { "reference_url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e" }, { "reference_url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72" }, { "reference_url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d" }, { "reference_url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125" }, { "reference_url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776" }, { "reference_url": "https://www.exploit-db.com/exploits/45260", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45260" }, { "reference_url": "https://www.exploit-db.com/exploits/45262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45262" }, { "reference_url": "https://www.exploit-db.com/exploits/45367", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45367" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securityfocus.com/bid/105125" }, { "reference_url": "http://www.securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041547" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019", "reference_id": "1620019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019" }, { "reference_url": "https://www.exploit-db.com/exploits/45260/", "reference_id": "45260", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45260/" }, { "reference_url": "https://www.exploit-db.com/exploits/45262/", "reference_id": "45262", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45262/" }, { "reference_url": "https://www.exploit-db.com/exploits/45367/", "reference_id": "45367", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45367/" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py" }, { "reference_url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776", "reference_id": "CVE-2018-11776", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC", "reference_id": "CVE-2018-11776-PYTHON-POC", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC" }, { "reference_url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65", "reference_id": "GHSA-cr6j-3jp9-rw65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001/", "reference_id": "ntap-20180822-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55779?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/55780?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17" } ], "aliases": [ "CVE-2018-11776", "GHSA-cr6j-3jp9-rw65" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9908?format=api", "vulnerability_id": "VCID-2qup-v76d-8bge", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5" }, { "reference_url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436" }, { "reference_url": "https://struts.apache.org/docs/s2-035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-035.html" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233", "reference_id": "1348233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233" }, { "reference_url": "https://github.com/advisories/GHSA-xm92-v2mq-842q", "reference_id": "GHSA-xm92-v2mq-842q", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-xm92-v2mq-842q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/51749?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": 
"VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" } ], "aliases": [ "CVE-2016-4436", "GHSA-xm92-v2mq-842q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qup-v76d-8bge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9817?format=api", "vulnerability_id": "VCID-3q92-5sz9-2kd3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.9102", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-056", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-056" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa" }, { "reference_url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4" }, { "reference_url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323" }, { "reference_url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180330-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180330-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://struts.apache.org/docs/s2-056.html" }, { "reference_url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516" }, { "reference_url": 
"https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103516" }, { "reference_url": "http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007", "reference_id": "1561007", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2018-1327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-1327" }, { "reference_url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9", "reference_id": "GHSA-38cr-2ph5-frr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54226?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16" } ], "aliases": [ "CVE-2018-1327", "GHSA-38cr-2ph5-frr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q92-5sz9-2kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9788?format=api", "vulnerability_id": "VCID-86yh-tym8-f3hh", "summary": "", "references": [ { "reference_url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-045", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-045" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-046", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-046" }, { "reference_url": "https://exploit-db.com/exploits/41570", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://exploit-db.com/exploits/41570" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": 
"https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b" }, { "reference_url": "https://github.com/mazen160/struts-pwn", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/mazen160/struts-pwn" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/issues/8064", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/rapid7/metasploit-framework/issues/8064" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us" }, { "reference_url": "https://isc.sans.edu/diary/22169", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://isc.sans.edu/diary/22169" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html" }, { "reference_url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": 
"https://struts.apache.org/docs/s2-045.html" }, { "reference_url": "https://struts.apache.org/docs/s2-046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://struts.apache.org/docs/s2-046.html" }, { "reference_url": "https://support.lenovo.com/us/en/product_security/len-14200", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://support.lenovo.com/us/en/product_security/len-14200" }, { "reference_url": "https://twitter.com/theog150/status/841146956135124993", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://twitter.com/theog150/status/841146956135124993" }, { 
"reference_url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729" }, { "reference_url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638" }, { "reference_url": "https://www.exploit-db.com/exploits/41614", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41614" }, { "reference_url": "https://www.kb.cert.org/vuls/id/834067", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.kb.cert.org/vuls/id/834067" }, { "reference_url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" }, { "reference_url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securityfocus.com/bid/96729" }, { "reference_url": "http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326", "reference_id": "1430326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326" }, { "reference_url": "https://www.exploit-db.com/exploits/41614/", "reference_id": "41614", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.exploit-db.com/exploits/41614/" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", "reference_id": "critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/" }, { "reference_url": "https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": 
"https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", "reference_id": "cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" 
} ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_id": "CVE-2017-5638-APACHE-STRUTS-VULNERABILITY-REMOTE-CODE-EXECUTION", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", "reference_id": "cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_id": "CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2" }, { 
"reference_url": "https://github.com/advisories/GHSA-j77q-2qqg-6989", "reference_id": "GHSA-j77q-2qqg-6989", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j77q-2qqg-6989" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001/", "reference_id": "ntap-20170310-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52698?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.32" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/52699?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" } ], "aliases": [ "CVE-2017-5638", "GHSA-j77q-2qqg-6989" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86yh-tym8-f3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10093?format=api", "vulnerability_id": "VCID-8zze-44sk-audx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96227", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "http://struts.apache.org/docs/s2-031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-031.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082", "reference_id": "CVE-2016-3082", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51622?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": 
"VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3082", "GHSA-pvm9-288c-v5wq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zze-44sk-audx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10206?format=api", "vulnerability_id": "VCID-aaet-jdfc-mbek", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04732", "scoring_system": "epss", "scoring_elements": "0.89574", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129" }, { "reference_url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab" }, { "reference_url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" }, { "reference_url": "https://struts.apache.org/docs/s2-042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-042.html" }, { "reference_url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773" }, { "reference_url": "http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/93773" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795", "reference_id": "CVE-2016-6795", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795" }, { "reference_url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg", "reference_id": "GHSA-44hv-jjx7-qfjg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61878?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5" } ], "aliases": [ "CVE-2016-6795", "GHSA-44hv-jjx7-qfjg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aaet-jdfc-mbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17814?format=api", "vulnerability_id": "VCID-b4nv-2pd9-pqdw", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. 
This could lead to an OOM if a developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31042", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-064", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-064" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": 
"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396", "reference_id": "CVE-2023-34396", "reference_type": "", "scores": [ { 
"value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396" }, { "reference_url": "https://github.com/advisories/GHSA-4g42-gqrg-4633", "reference_id": "GHSA-4g42-gqrg-4633", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g42-gqrg-4633" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34396", 
"GHSA-4g42-gqrg-4633" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4nv-2pd9-pqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14889?format=api", "vulnerability_id": "VCID-ce3p-yaze-v7fy", "summary": "Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN43969166/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://jvn.jp/en/jp/JVN43969166/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94373", "scoring_system": "epss", "scoring_elements": "0.99967", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-061", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645", "reference_id": "1905645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530", "reference_id": "CVE-2020-17530", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-17530" }, { "reference_url": "https://github.com/advisories/GHSA-jc35-q369-45pv", "reference_id": "GHSA-jc35-q369-45pv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc35-q369-45pv" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005/", "reference_id": "ntap-20210115-0005", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59402?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26" } ], "aliases": [ "CVE-2020-17530", "GHSA-jc35-q369-45pv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3p-yaze-v7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10074?format=api", "vulnerability_id": "VCID-d7b9-rv1g-qkfp", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114" }, { "reference_url": "http://jvn.jp/en/jp/JVN12352818/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN12352818/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348253", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348253" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": 
"https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152" }, { "reference_url": "https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9" }, { "reference_url": "https://struts.apache.org/docs/s2-041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-041.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4465", "reference_id": "CVE-2016-4465", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4465" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/51749?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": 
"VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53060?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13" } ], "aliases": [ "CVE-2016-4465", "GHSA-xg75-68x3-7p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7b9-rv1g-qkfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9804?format=api", "vulnerability_id": "VCID-f4kx-q41m-5qer", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99929", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa" }, { "reference_url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f" }, { "reference_url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-053.html" }, { "reference_url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.securityfocus.com/bid/100829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478", "reference_id": "1489478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478" }, { "reference_url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611", "reference_id": "CVE-2017-12611", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611" }, { "reference_url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm", "reference_id": "GHSA-8fx9-5hx8-crhm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53059?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { 
"vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/52699?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73935?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52701?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-12611", "GHSA-8fx9-5hx8-crhm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kx-q41m-5qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10078?format=api", "vulnerability_id": "VCID-fdat-drnp-yudv", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99453", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3087" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f" }, { "reference_url": "http://struts.apache.org/docs/s2-033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-033.html" }, { "reference_url": "https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017" }, { "reference_url": "https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960" }, { "reference_url": "https://www.exploit-db.com/exploits/39919", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/39919" }, { "reference_url": "https://www.exploit-db.com/exploits/39919/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39919/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341674", "reference_id": "1341674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341674" }, { "reference_url": "https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/", "reference_id": "CVE-2016-3087", "reference_type": "exploit", "scores": [], "url": "https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb", "reference_id": "CVE-2016-3087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py", "reference_id": "CVE-2016-3087", 
"reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3087", "reference_id": "CVE-2016-3087", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3087" }, { "reference_url": "https://github.com/advisories/GHSA-mmj6-cjj4-hpr5", "reference_id": "GHSA-mmj6-cjj4-hpr5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mmj6-cjj4-hpr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51622?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3087", "GHSA-mmj6-cjj4-hpr5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdat-drnp-yudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15596?format=api", "vulnerability_id": "VCID-fmf4-k1py-g7fh", "summary": "Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-5055" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2012/Mar/110", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2012/Mar/110" }, { "reference_url": "https://struts.apache.org/security/#internal-security-mechanism", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/security/#internal-security-mechanism" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" 
}, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1592" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml" }, { "reference_url": "https://www.securityfocus.com/bid/52702/info", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/52702/info" }, { "reference_url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf", "reference_id": "GHSA-8m5q-crqq-6pmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2012-1592", "GHSA-8m5q-crqq-6pmf" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf4-k1py-g7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16317?format=api", "vulnerability_id": "VCID-hszd-513t-xucj", "summary": "Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82619", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0004" }, { "reference_url": "https://struts.apache.org/docs/s2-036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-036.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461", "reference_id": "CVE-2016-4461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461" }, { "reference_url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj", "reference_id": "GHSA-864w-r5qj-h6fj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4461", "GHSA-864w-r5qj-h6fj" ], 
"risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hszd-513t-xucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15495?format=api", "vulnerability_id": "VCID-jyrs-6kjh-3qfa", "summary": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93788", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220420-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220420-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788", "reference_id": "2074788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805", "reference_id": "CVE-2021-31805", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805" }, { "reference_url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c", "reference_id": 
"GHSA-v8j6-6c2r-r27c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60334?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30" } ], "aliases": [ "CVE-2021-31805", "GHSA-v8j6-6c2r-r27c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyrs-6kjh-3qfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22068?format=api", "vulnerability_id": "VCID-mxqs-9njm-hbhq", "summary": "Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", 
"scoring_elements": "0.1023", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-069", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-069" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/11/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559", "reference_id": "2428559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493", "reference_id": "CVE-2025-68493", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-68493" }, { "reference_url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7", "reference_id": "GHSA-qcfc-hmrc-59x7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111057?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72104?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1" } ], "aliases": [ "CVE-2025-68493", "GHSA-qcfc-hmrc-59x7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxqs-9njm-hbhq" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/9774?format=api", "vulnerability_id": "VCID-n7x9-wj56-a7gr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89435", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02" }, { "reference_url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a" }, { "reference_url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9" }, { "reference_url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded" }, { "reference_url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2" }, { "reference_url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-050.html" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" }, { "reference_url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612" }, { "reference_url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100612" }, { "reference_url": "http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491", "reference_id": "1488491", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804", "reference_id": "CVE-2017-9804", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804" }, { "reference_url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4", "reference_id": "GHSA-x5x7-3v85-wpc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53059?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": 
"VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/53060?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13" } ], "aliases": [ "CVE-2017-9804", "GHSA-x5x7-3v85-wpc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7x9-wj56-a7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14411?format=api", "vulnerability_id": "VCID-nb8f-hdtw-9fdk", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99875", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-059", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-059" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672", "reference_id": "1869672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py", "reference_id": "CVE-2019-0230", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230", "reference_id": "CVE-2019-0230", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230" }, { "reference_url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727", "reference_id": "GHSA-wp4h-pvgw-5727", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-wp4h-pvgw-5727" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0230", "GHSA-wp4h-pvgw-5727" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8f-hdtw-9fdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21799?format=api", "vulnerability_id": "VCID-nfn8-r3bb-kka7", "summary": "Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42101", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-64775", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-64775" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-068", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-068" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675", "reference_id": "CVE-2025-66675", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-66675" }, { "reference_url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw", "reference_id": "GHSA-rg58-xhh7-mqjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71474?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/71475?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1" } ], "aliases": [ "CVE-2025-66675", "GHSA-rg58-xhh7-mqjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfn8-r3bb-kka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10165?format=api", "vulnerability_id": "VCID-q9p6-sxpv-g7gp", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110" }, { "reference_url": "http://jvn.jp/en/jp/JVN07710476/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN07710476/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.9837", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c" }, { "reference_url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d" }, { "reference_url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c" }, { "reference_url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b" }, { "reference_url": "https://struts.apache.org/docs/s2-037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-037.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438", "reference_id": "CVE-2016-4438", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438" }, { "reference_url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr", "reference_id": "GHSA-4prj-vw9j-v6pr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4438", "GHSA-4prj-vw9j-v6pr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9p6-sxpv-g7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17800?format=api", "vulnerability_id": "VCID-rxsu-5hkz-ube8", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20766", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-063", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-063" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149", "reference_id": "CVE-2023-34149", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149" }, { "reference_url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc", "reference_id": "GHSA-8f6x-v685-g2xc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34149", "GHSA-8f6x-v685-g2xc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsu-5hkz-ube8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135659?format=api", "vulnerability_id": "VCID-t9vy-6y7q-e3ac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.92087", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-060", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-060" }, { "reference_url": 
"https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1869682", "reference_id": "1869682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682" }, { "reference_url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm", "reference_id": "GHSA-ccp5-gg58-pxfm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0233", "GHSA-ccp5-gg58-pxfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9vy-6y7q-e3ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18992?format=api", "vulnerability_id": "VCID-uza5-qvgq-a3gm", "summary": "Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92896", "scoring_system": "epss", "scoring_elements": "0.99777", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-066", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-066" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163" }, { "reference_url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6" }, { "reference_url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0010" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938", "reference_id": "2253938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164", "reference_id": "CVE-2023-50164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164" }, { "reference_url": "https://github.com/advisories/GHSA-2j39-qcjm-428w", "reference_id": "GHSA-2j39-qcjm-428w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j39-qcjm-428w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66888?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-vjz7-vh5w-aygh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/66889?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2" } ], "aliases": [ "CVE-2023-50164", "GHSA-2j39-qcjm-428w" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uza5-qvgq-a3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10167?format=api", "vulnerability_id": "VCID-vurd-7tee-e7a9", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99893", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3081" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/f238cf4f1091be19fbcfd086b042c86a1bcaa7fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/f238cf4f1091be19fbcfd086b042c86a1bcaa7fc" }, { "reference_url": "https://struts.apache.org/docs/s2-032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-032.html" }, { "reference_url": "https://web.archive.org/web/20210123152457/http://www.securityfocus.com/bid/91787", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123152457/http://www.securityfocus.com/bid/91787" }, { "reference_url": "https://web.archive.org/web/20210225192113/http://www.securityfocus.com/bid/87327", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210225192113/http://www.securityfocus.com/bid/87327" }, { "reference_url": "https://web.archive.org/web/20210226011418/http://www.securitytracker.com/id/1035665", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20210226011418/http://www.securitytracker.com/id/1035665" }, { "reference_url": "https://www.exploit-db.com/exploits/39756", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/39756" }, { "reference_url": "https://www.exploit-db.com/exploits/39756/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39756/" }, { "reference_url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { 
"reference_url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec" }, { "reference_url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39756.rb", "reference_id": "CVE-2016-3081", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39756.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3081", "reference_id": "CVE-2016-3081", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3081" }, { "reference_url": "https://github.com/advisories/GHSA-8c6j-ffmf-q6vm", "reference_id": "GHSA-8c6j-ffmf-q6vm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8c6j-ffmf-q6vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51622?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" 
}, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3081", "GHSA-8c6j-ffmf-q6vm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vurd-7tee-e7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10010?format=api", "vulnerability_id": "VCID-ycjb-zszd-4ufy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92345", "published_at": 
"2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2" }, { "reference_url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9" }, { "reference_url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E" }, { 
"reference_url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180706-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180706-0002/" }, { "reference_url": "http://struts.apache.org/docs/s2-049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-049.html" }, { "reference_url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115" }, { 
"reference_url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99562" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608", "reference_id": "1480608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787", "reference_id": "CVE-2017-9787", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787" }, { "reference_url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx", "reference_id": "GHSA-8mr5-h28g-36qx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/52700?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/52701?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-9787", "GHSA-8mr5-h28g-36qx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": 
"8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycjb-zszd-4ufy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9758?format=api", "vulnerability_id": "VCID-ee2d-r8vy-skhq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79528", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java" }, { "reference_url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162" }, { "reference_url": "http://struts.apache.org/docs/s2-030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-030.html" }, { "reference_url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070" }, { "reference_url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724", "reference_id": "1326724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724" }, { "reference_url": "https://github.com/advisories/GHSA-2j4q-9fff-236j", "reference_id": "GHSA-2j4q-9fff-236j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2j4q-9fff-236j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": 
"VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-2162", "GHSA-2j4q-9fff-236j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ee2d-r8vy-skhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9966?format=api", "vulnerability_id": "VCID-ev69-3d1j-nuac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85946", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc" }, { "reference_url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9" }, { "reference_url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e" }, { "reference_url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2" }, { "reference_url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4507" }, { "reference_url": "http://struts.apache.org/docs/s2-028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-028.html" }, { "reference_url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311" }, { "reference_url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268" }, { "reference_url": "http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/86311" }, { "reference_url": 
"http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725", "reference_id": "1326725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003", "reference_id": "CVE-2016-4003", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { 
"vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-4003", "GHSA-m3x6-9v6h-4g28" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev69-3d1j-nuac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9782?format=api", "vulnerability_id": "VCID-pjw9-sxen-b3cu", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95244", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364" }, { "reference_url": "http://struts.apache.org/docs/s2-029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://struts.apache.org/docs/s2-029.html" }, { "reference_url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066" }, { "reference_url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720", "reference_id": "1326720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785", "reference_id": "CVE-2016-0785", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785" }, { "reference_url": "https://github.com/advisories/GHSA-876p-4wgc-75rx", "reference_id": "GHSA-876p-4wgc-75rx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-876p-4wgc-75rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": 
"VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ 
"CVE-2016-0785", "GHSA-876p-4wgc-75rx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjw9-sxen-b3cu" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" }