Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-evh9-mua1-2bem

Summary

XWork ParameterInterceptors bypass allows remote command execution
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

Aliases

alias	CVE-2010-1870

alias	GHSA-x5fc-pgpx-59j5

Fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.2.1

purl pkg:maven/org.apache.struts/struts2-core@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1

Affected_packages

url pkg:maven/org.apache.struts/struts2-core@2-alpha0

purl pkg:maven/org.apache.struts/struts2-core@2-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-z1gf-169n-m3af

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2-alpha0

url pkg:maven/org.apache.struts/struts2-core@2.0.5

purl pkg:maven/org.apache.struts/struts2-core@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-skbn-jggt-uffg

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.5

url pkg:maven/org.apache.struts/struts2-core@2.0.6

purl pkg:maven/org.apache.struts/struts2-core@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-skbn-jggt-uffg

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.6

url pkg:maven/org.apache.struts/struts2-core@2.0.8

purl pkg:maven/org.apache.struts/struts2-core@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-skbn-jggt-uffg

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.8

url pkg:maven/org.apache.struts/struts2-core@2.0.9

purl pkg:maven/org.apache.struts/struts2-core@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-skbn-jggt-uffg

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.9

url pkg:maven/org.apache.struts/struts2-core@2.0.11

purl pkg:maven/org.apache.struts/struts2-core@2.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-skbn-jggt-uffg

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11

url pkg:maven/org.apache.struts/struts2-core@2.0.11.1

purl pkg:maven/org.apache.struts/struts2-core@2.0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.1

url pkg:maven/org.apache.struts/struts2-core@2.0.11.2

purl pkg:maven/org.apache.struts/struts2-core@2.0.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.2

url pkg:maven/org.apache.struts/struts2-core@2.0.12

purl pkg:maven/org.apache.struts/struts2-core@2.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.12

url pkg:maven/org.apache.struts/struts2-core@2.0.14

purl pkg:maven/org.apache.struts/struts2-core@2.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.14

url pkg:maven/org.apache.struts/struts2-core@2.1.2

purl pkg:maven/org.apache.struts/struts2-core@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-d8as-n8hc-j3fj

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.2

url pkg:maven/org.apache.struts/struts2-core@2.1.6

purl pkg:maven/org.apache.struts/struts2-core@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.6

url pkg:maven/org.apache.struts/struts2-core@2.1.8

purl pkg:maven/org.apache.struts/struts2-core@2.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.8

url pkg:maven/org.apache.struts/struts2-core@2.1.8.1

purl pkg:maven/org.apache.struts/struts2-core@2.1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2chz-36wn-9fcv

vulnerability	VCID-2rjv-1thm-dugt

vulnerability	VCID-2v7h-fght-cugn

vulnerability	VCID-3yq7-n972-j7dh

vulnerability	VCID-4agy-6nsx-7ufh

vulnerability	VCID-579w-2k2v-efa2

vulnerability	VCID-6241-shkt-s7ew

vulnerability	VCID-6hrc-fm64-ckhf

vulnerability	VCID-6t1x-s2k2-b7bq

vulnerability	VCID-759g-hsfg-97f8

vulnerability	VCID-79j9-v8gz-rfax

vulnerability	VCID-87fh-rvvb-6ubq

vulnerability	VCID-8bsh-bshc-vkgq

vulnerability	VCID-8mws-fbmg-cqa9

vulnerability	VCID-95ts-vpk6-uubg

vulnerability	VCID-at5c-f8p8-67fh

vulnerability	VCID-b59n-uxft-4qgz

vulnerability	VCID-b7zy-qhz9-tuar

vulnerability	VCID-bgbt-j1n9-6yg5

vulnerability	VCID-cm62-bsdz-yye2

vulnerability	VCID-dk2f-14xj-9bf8

vulnerability	VCID-evh9-mua1-2bem

vulnerability	VCID-fv6w-cdtc-kkhx

vulnerability	VCID-gfxq-vtry-bqgg

vulnerability	VCID-gv5f-auvz-5fda

vulnerability	VCID-h4yg-zrv6-aqa1

vulnerability	VCID-hgj2-vqzn-gyeb

vulnerability	VCID-hkjh-35ye-1ugj

vulnerability	VCID-j5su-cnqd-6yad

vulnerability	VCID-k6mz-k1yb-4uej

vulnerability	VCID-kdsa-599r-eud7

vulnerability	VCID-me84-wy85-hkf5

vulnerability	VCID-n2dn-bnjc-13gp

vulnerability	VCID-n4fb-crnk-eugz

vulnerability	VCID-nmgp-r7hb-5ke1

vulnerability	VCID-q96z-v3bs-k3dg

vulnerability	VCID-qqm4-frqy-bua5

vulnerability	VCID-r28t-sdc5-kbga

vulnerability	VCID-tcaj-6bcg-k7g2

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-vgp6-jxqt-pbf4

vulnerability	VCID-vkb9-11h4-dugp

vulnerability	VCID-vnkw-9fa2-zqcm

vulnerability	VCID-x65e-31g3-77bp

vulnerability	VCID-xz41-1z86-37ew

vulnerability	VCID-y5uq-a6dx-3yd4

vulnerability	VCID-ygbu-vb2t-jqhx

vulnerability	VCID-z1gf-169n-m3af

vulnerability	VCID-zb3c-gnyc-yug8

vulnerability	VCID-zxww-8kb3-tufv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.8.1

References

reference_url

http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

reference_url

http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16

reference_url

http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1870

reference_id

reference_type

scores

value	0.92533
scoring_system	epss
scoring_elements	0.99735
published_at	2026-04-02T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99739
published_at	2026-04-18T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99738
published_at	2026-04-13T12:55:00Z

value	0.92533
scoring_system	epss
scoring_elements	0.99736
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1870

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-003

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-003

reference_url

http://seclists.org/fulldisclosure/2010/Jul/183

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2010/Jul/183

reference_url

http://seclists.org/fulldisclosure/2020/Oct/23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2020/Oct/23

reference_url	http://secunia.com/advisories/59110
reference_id
reference_type
scores
url	http://secunia.com/advisories/59110

reference_url	http://securityreason.com/securityalert/8345
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/8345

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-1870

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-1870

reference_url

http://struts.apache.org/2.2.1/docs/s2-005.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.2.1/docs/s2-005.html

reference_url	http://struts.apache.org/docs/s2-005.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-005.html

reference_url

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

reference_url	http://www.exploit-db.com/exploits/14360
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/14360

reference_url	http://www.osvdb.org/66280
reference_id
reference_type
scores
url	http://www.osvdb.org/66280

reference_url	http://www.securityfocus.com/bid/41592
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/41592

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1123727
reference_id	1123727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1123727

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.1.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt
reference_id	CVE-2010-1870;OSVDB-66280
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb
reference_id	CVE-2010-1870;OSVDB-66280
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb

reference_url

https://github.com/advisories/GHSA-x5fc-pgpx-59j5

reference_id

GHSA-x5fc-pgpx-59j5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5fc-pgpx-59j5

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

date_added	2010-07-14
description	Struts2/XWork < 2.2.0 - Remote Command Execution
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2010-07-14
exploit_type	remote
platform	multiple
source_date_updated	2010-07-14
data_source	Exploit-DB
source_url

date_added	`null`
description	This module exploits a remote command execution vulnerability in Apache Struts versions < 2.2.0. This issue is caused by a failure to properly handle unicode characters in OGNL extensive expressions passed to the web server. By sending a specially crafted request to the Struts application it is possible to bypass the "#" restriction on ParameterInterceptors by using OGNL context variables. Bypassing this restriction allows for the execution of arbitrary Java code.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2010-07-13
exploit_type	`null`
platform	Linux,Windows
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts_code_exec.rb

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh9-mua1-2bem

Vulnerability Instance