Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/20924?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "type": "maven", "namespace": "org.apache.struts", "name": "struts2-core", "version": "2.3.20", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.0", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8109?format=api", "vulnerability_id": "VCID-2chz-36wn-9fcv", "summary": "Manipulation of Struts internals\nThis package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80292", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80169", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80198", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80229", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80269", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02387", "scoring_system": "epss", "scoring_elements": "0.84935", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02387", "scoring_system": "epss", "scoring_elements": "0.84967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02387", "scoring_system": "epss", "scoring_elements": "0.84949", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0002/" }, { "reference_url": "https://struts.apache.org/docs/s2-026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-026.html" }, { "reference_url": "https://github.com/advisories/GHSA-4qgj-9mvg-3929", "reference_id": "GHSA-4qgj-9mvg-3929", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qgj-9mvg-3929" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22083?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1" } ], "aliases": [ "CVE-2015-5209", "GHSA-4qgj-9mvg-3929" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2chz-36wn-9fcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5021?format=api", "vulnerability_id": "VCID-2rjv-1thm-dugt", "summary": "XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96164", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.9613", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96146", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96147", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.9615", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96157", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96095", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96125", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96129", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "http://struts.apache.org/docs/s2-031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-031.html" }, { "reference_url": "http://www.securityfocus.com/bid/88826", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/88826" }, { "reference_url": "http://www.securitytracker.com/id/1035664", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035664" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082", "reference_id": "CVE-2016-3082", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082" }, { "reference_url": "https://github.com/advisories/GHSA-pvm9-288c-v5wq", "reference_id": "GHSA-pvm9-288c-v5wq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pvm9-288c-v5wq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22265?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3082", "GHSA-pvm9-288c-v5wq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rjv-1thm-dugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11671?format=api", "vulnerability_id": "VCID-3yq7-n972-j7dh", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93727", "scoring_system": "epss", "scoring_elements": "0.99851", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.93727", "scoring_system": "epss", "scoring_elements": "0.9985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.93727", "scoring_system": "epss", "scoring_elements": "0.99849", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.93727", "scoring_system": "epss", "scoring_elements": "0.99848", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.93727", "scoring_system": "epss", "scoring_elements": "0.99852", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99868", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99869", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-059", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-059" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672", "reference_id": "1869672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py", "reference_id": "CVE-2019-0230", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230", "reference_id": "CVE-2019-0230", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230" }, { "reference_url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727", "reference_id": "GHSA-wp4h-pvgw-5727", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41963?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0230", "GHSA-wp4h-pvgw-5727" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5004?format=api", "vulnerability_id": "VCID-4agy-6nsx-7ufh", "summary": "Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89845", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89787", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89793", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.898", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89798", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89806", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89807", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89801", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89816", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89815", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.8983", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.8975", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.8977", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093" }, { "reference_url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.securityfocus.com/bid/90961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90961" }, { "reference_url": "http://www.securitytracker.com/id/1036018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677", "reference_id": "1341677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093", "reference_id": "CVE-2016-3093", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093" }, { "reference_url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp", "reference_id": "GHSA-383p-xqxx-rrmp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" } ], "aliases": [ "CVE-2016-3093", "GHSA-383p-xqxx-rrmp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4agy-6nsx-7ufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=api", "vulnerability_id": "VCID-579w-2k2v-efa2", "summary": "In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99929", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99927", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99926", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99925", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa" }, { "reference_url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f" }, { "reference_url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-053.html" }, { "reference_url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478", "reference_id": "1489478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*" }, { "reference_url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611", "reference_id": "CVE-2017-12611", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611" }, { "reference_url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm", "reference_id": "GHSA-8fx9-5hx8-crhm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/24695?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/24323?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zkg1-bed6-bbfv" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/77954?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/24325?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-12611", "GHSA-8fx9-5hx8-crhm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4609?format=api", "vulnerability_id": "VCID-6hrc-fm64-ckhf", "summary": "Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.7916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79171", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.7932", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79299", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79286", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79269", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79263", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79227", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.7923", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79213", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79228", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79196", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java" }, { "reference_url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162" }, { "reference_url": "http://struts.apache.org/docs/s2-030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-030.html" }, { "reference_url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070" }, { "reference_url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272" }, { "reference_url": "http://www.securityfocus.com/bid/85070", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/85070" }, { "reference_url": "http://www.securitytracker.com/id/1035272", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035272" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724", "reference_id": "1326724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-2j4q-9fff-236j", "reference_id": "GHSA-2j4q-9fff-236j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j4q-9fff-236j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22241?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-2162", "GHSA-2j4q-9fff-236j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hrc-fm64-ckhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5135?format=api", "vulnerability_id": "VCID-74ab-1p1c-4qbd", "summary": "In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89733", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89824", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89809", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89796", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89795", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89781", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89787", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89786", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89779", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89772", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89766", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05049", "scoring_system": "epss", "scoring_elements": "0.89729", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129" }, { "reference_url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab" }, { "reference_url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" }, { "reference_url": "https://struts.apache.org/docs/s2-042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-042.html" }, { "reference_url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773" }, { "reference_url": "http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/93773" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795", "reference_id": "CVE-2016-6795", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795" }, { "reference_url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg", "reference_id": "GHSA-44hv-jjx7-qfjg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54546?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/24327?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-5qtg-djvn-97ht" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zkg1-bed6-bbfv" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5" } ], "aliases": [ "CVE-2016-6795", "GHSA-44hv-jjx7-qfjg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74ab-1p1c-4qbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12554?format=api", "vulnerability_id": "VCID-79j9-v8gz-rfax", "summary": "Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN43969166/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://jvn.jp/en/jp/JVN43969166/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94376", "scoring_system": "epss", "scoring_elements": "0.99967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.94376", "scoring_system": "epss", "scoring_elements": "0.99966", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.94376", "scoring_system": "epss", "scoring_elements": "0.99968", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-061", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645", "reference_id": "1905645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530", "reference_id": "CVE-2020-17530", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530" }, { "reference_url": "https://github.com/advisories/GHSA-jc35-q369-45pv", "reference_id": "GHSA-jc35-q369-45pv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc35-q369-45pv" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005/", "reference_id": "ntap-20210115-0005", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44976?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26" } ], "aliases": [ "CVE-2020-17530", "GHSA-jc35-q369-45pv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4648?format=api", "vulnerability_id": "VCID-7c97-nj5a-hqb8", "summary": "", "references": [ { "reference_url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99939", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99937", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99936", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99938", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-045", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-045" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-046", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-046" }, { "reference_url": "https://exploit-db.com/exploits/41570", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://exploit-db.com/exploits/41570" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b" }, { "reference_url": "https://github.com/mazen160/struts-pwn", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/mazen160/struts-pwn" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/issues/8064", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/rapid7/metasploit-framework/issues/8064" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us" }, { "reference_url": "https://isc.sans.edu/diary/22169", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://isc.sans.edu/diary/22169" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html" }, { "reference_url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://struts.apache.org/docs/s2-045.html" }, { "reference_url": "https://struts.apache.org/docs/s2-046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://struts.apache.org/docs/s2-046.html" }, { "reference_url": "https://support.lenovo.com/us/en/product_security/len-14200", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://support.lenovo.com/us/en/product_security/len-14200" }, { "reference_url": "https://twitter.com/theog150/status/841146956135124993", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://twitter.com/theog150/status/841146956135124993" }, { "reference_url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729" }, { "reference_url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638" }, { "reference_url": "https://www.exploit-db.com/exploits/41614", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41614" }, { "reference_url": "https://www.kb.cert.org/vuls/id/834067", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.kb.cert.org/vuls/id/834067" }, { "reference_url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" }, { "reference_url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securityfocus.com/bid/96729" }, { "reference_url": "http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326", "reference_id": "1430326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326" }, { "reference_url": "https://www.exploit-db.com/exploits/41614/", "reference_id": "41614", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.exploit-db.com/exploits/41614/" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", "reference_id": "critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/" }, { "reference_url": "https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", "reference_id": "cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", "reference_id": "cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_id": "CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2" }, { "reference_url": "https://github.com/advisories/GHSA-j77q-2qqg-6989", "reference_id": "GHSA-j77q-2qqg-6989", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j77q-2qqg-6989" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001/", "reference_id": "ntap-20170310-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24322?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/24323?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zkg1-bed6-bbfv" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" } ], "aliases": [ "CVE-2017-5638", "GHSA-j77q-2qqg-6989" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c97-nj5a-hqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5006?format=api", "vulnerability_id": "VCID-7fgd-jnfe-gkhp", "summary": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99431", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99432", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99443", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99442", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.9944", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99438", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99437", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99435", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87007", "scoring_system": "epss", "scoring_elements": "0.99434", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3087" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f" }, { "reference_url": "http://struts.apache.org/docs/s2-033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-033.html" }, { "reference_url": "https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017" }, { "reference_url": "https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960" }, { "reference_url": "https://www.exploit-db.com/exploits/39919", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/39919" }, { "reference_url": "https://www.exploit-db.com/exploits/39919/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39919/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.securityfocus.com/bid/90960", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90960" }, { "reference_url": "http://www.securitytracker.com/id/1036017", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341674", "reference_id": "1341674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341674" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/", "reference_id": "CVE-2016-3087", "reference_type": "exploit", "scores": [], "url": "https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb", "reference_id": "CVE-2016-3087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py", "reference_id": "CVE-2016-3087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3087", "reference_id": "CVE-2016-3087", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3087" }, { "reference_url": "https://github.com/advisories/GHSA-mmj6-cjj4-hpr5", "reference_id": "GHSA-mmj6-cjj4-hpr5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmj6-cjj4-hpr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22265?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3087", "GHSA-mmj6-cjj4-hpr5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fgd-jnfe-gkhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14756?format=api", "vulnerability_id": "VCID-87fh-rvvb-6ubq", "summary": "Apache Struts file upload logic is flawed\nFile upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.\n\nYou can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067 .", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91785", "scoring_system": "epss", "scoring_elements": "0.99684", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91785", "scoring_system": "epss", "scoring_elements": "0.99686", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91785", "scoring_system": "epss", "scoring_elements": "0.99685", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.93053", "scoring_system": "epss", "scoring_elements": "0.99791", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.93053", "scoring_system": "epss", "scoring_elements": "0.99789", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93053", "scoring_system": "epss", "scoring_elements": "0.99792", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.93053", "scoring_system": "epss", "scoring_elements": "0.99788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.93066", "scoring_system": "epss", "scoring_elements": "0.99793", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.93066", "scoring_system": "epss", "scoring_elements": "0.99792", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.93081", "scoring_system": "epss", "scoring_elements": "0.99793", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.93081", "scoring_system": "epss", "scoring_elements": "0.99794", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-067", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854" }, { "reference_url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78" }, { "reference_url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0005" }, { "reference_url": "https://struts.apache.org/core-developers/file-upload", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/core-developers/file-upload" }, { "reference_url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686", "reference_id": "2331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686" }, { "reference_url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm", "reference_id": "GHSA-43mq-6xmg-29vm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51843?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-95ts-vpk6-uubg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0" } ], "aliases": [ "CVE-2024-53677", "GHSA-43mq-6xmg-29vm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15433?format=api", "vulnerability_id": "VCID-8bsh-bshc-vkgq", "summary": "Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82414", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82288", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82296", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82304", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82338", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.8234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82361", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82372", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82376", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82393", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82248", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82262", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0004/" }, { "reference_url": "https://struts.apache.org/docs/s2-036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-036.html" }, { "reference_url": "http://www.securityfocus.com/bid/91277", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91277" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461", "reference_id": "CVE-2016-4461", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461" }, { "reference_url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj", "reference_id": "GHSA-864w-r5qj-h6fj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22670?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4461", "GHSA-864w-r5qj-h6fj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsh-bshc-vkgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23822?format=api", "vulnerability_id": "VCID-95ts-vpk6-uubg", "summary": "Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31628", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31599", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31547", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40401", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40733", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40778", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40748", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.4067", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40574", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40561", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40478", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40334", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-64775", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-64775" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-068", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-068" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675", "reference_id": "CVE-2025-66675", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675" }, { "reference_url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw", "reference_id": "GHSA-rg58-xhh7-mqjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66570?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/66571?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1" } ], "aliases": [ "CVE-2025-66675", "GHSA-rg58-xhh7-mqjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4865?format=api", "vulnerability_id": "VCID-at5c-f8p8-67fh", "summary": "Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85779", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85758", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85665", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.8562", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85741", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85705", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85711", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85706", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85684", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85687", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc" }, { "reference_url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9" }, { "reference_url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e" }, { "reference_url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2" }, { "reference_url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4507" }, { "reference_url": "http://struts.apache.org/docs/s2-028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-028.html" }, { "reference_url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311" }, { "reference_url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268" }, { "reference_url": "http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/86311" }, { "reference_url": "http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725", "reference_id": "1326725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003", "reference_id": "CVE-2016-4003", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003" }, { "reference_url": "https://github.com/advisories/GHSA-m3x6-9v6h-4g28", "reference_id": "GHSA-m3x6-9v6h-4g28", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3x6-9v6h-4g28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22241?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-4003", "GHSA-m3x6-9v6h-4g28" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at5c-f8p8-67fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17909?format=api", "vulnerability_id": "VCID-b7zy-qhz9-tuar", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19344", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19577", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19422", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2043", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20545", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20553", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20567", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2055", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20366", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20397", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20429", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-063", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-063" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149", "reference_id": "CVE-2023-34149", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149" }, { "reference_url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc", "reference_id": "GHSA-8f6x-v685-g2xc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58046?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/58047?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34149", "GHSA-8f6x-v685-g2xc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4677?format=api", "vulnerability_id": "VCID-bgbt-j1n9-6yg5", "summary": "The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90945", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90828", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90913", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90915", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90903", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90902", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90844", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.9088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90881", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.90866", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-056", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-056" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa" }, { "reference_url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4" }, { "reference_url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323" }, { "reference_url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180330-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180330-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://struts.apache.org/docs/s2-056.html" }, { "reference_url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516" }, { "reference_url": "https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103516" }, { "reference_url": "http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007", "reference_id": "1561007", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2018-1327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1327" }, { "reference_url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9", "reference_id": "GHSA-38cr-2ph5-frr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27205?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16" } ], "aliases": [ "CVE-2018-1327", "GHSA-38cr-2ph5-frr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4895?format=api", "vulnerability_id": "VCID-cm62-bsdz-yye2", "summary": "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94431", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.94431", "scoring_system": "epss", "scoring_elements": "0.99984", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-057", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-057" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b" }, { "reference_url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e" }, { "reference_url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72" }, { "reference_url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d" }, { "reference_url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125" }, { "reference_url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776" }, { "reference_url": "https://www.exploit-db.com/exploits/45260", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45260" }, { "reference_url": "https://www.exploit-db.com/exploits/45262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45262" }, { "reference_url": "https://www.exploit-db.com/exploits/45367", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45367" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securityfocus.com/bid/105125" }, { "reference_url": "http://www.securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041547" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019", "reference_id": "1620019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019" }, { "reference_url": "https://www.exploit-db.com/exploits/45260/", "reference_id": "45260", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45260/" }, { "reference_url": "https://www.exploit-db.com/exploits/45262/", "reference_id": "45262", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45262/" }, { "reference_url": "https://www.exploit-db.com/exploits/45367/", "reference_id": "45367", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45367/" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py" }, { "reference_url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776", "reference_id": "CVE-2018-11776", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC", "reference_id": "CVE-2018-11776-PYTHON-POC", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC" }, { "reference_url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65", "reference_id": "GHSA-cr6j-3jp9-rw65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001/", "reference_id": "ntap-20180822-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32221?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/32222?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17" } ], "aliases": [ "CVE-2018-11776", "GHSA-cr6j-3jp9-rw65" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm62-bsdz-yye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5096?format=api", "vulnerability_id": "VCID-czjh-bpfk-3yh6", "summary": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99889", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99886", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.9989", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.93973", "scoring_system": "epss", "scoring_elements": "0.99887", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3081" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/f238cf4f1091be19fbcfd086b042c86a1bcaa7fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/f238cf4f1091be19fbcfd086b042c86a1bcaa7fc" }, { "reference_url": "https://struts.apache.org/docs/s2-032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-032.html" }, { "reference_url": "https://web.archive.org/web/20210123152457/http://www.securityfocus.com/bid/91787", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123152457/http://www.securityfocus.com/bid/91787" }, { "reference_url": "https://web.archive.org/web/20210225192113/http://www.securityfocus.com/bid/87327", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210225192113/http://www.securityfocus.com/bid/87327" }, { "reference_url": "https://web.archive.org/web/20210226011418/http://www.securitytracker.com/id/1035665", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210226011418/http://www.securitytracker.com/id/1035665" }, { "reference_url": "https://www.exploit-db.com/exploits/39756", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/39756" }, { "reference_url": "https://www.exploit-db.com/exploits/39756/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/39756/" }, { "reference_url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec" }, { "reference_url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec" }, { "reference_url": "http://www.securityfocus.com/bid/87327", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/87327" }, { "reference_url": "http://www.securityfocus.com/bid/91787", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91787" }, { "reference_url": "http://www.securitytracker.com/id/1035665", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035665" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:siebel_e-billing:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39756.rb", "reference_id": "CVE-2016-3081", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39756.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3081", "reference_id": "CVE-2016-3081", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3081" }, { "reference_url": "https://github.com/advisories/GHSA-8c6j-ffmf-q6vm", "reference_id": "GHSA-8c6j-ffmf-q6vm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c6j-ffmf-q6vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22265?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3081", "GHSA-8c6j-ffmf-q6vm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czjh-bpfk-3yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17939?format=api", "vulnerability_id": "VCID-dk2f-14xj-9bf8", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30232", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30099", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31207", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31404", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31391", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31428", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3147", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30921", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30853", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31004", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31083", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-064", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-064" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396", "reference_id": "CVE-2023-34396", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396" }, { "reference_url": "https://github.com/advisories/GHSA-4g42-gqrg-4633", "reference_id": "GHSA-4g42-gqrg-4633", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g42-gqrg-4633" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58046?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/58047?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34396", "GHSA-4g42-gqrg-4633" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20138?format=api", "vulnerability_id": "VCID-gfxq-vtry-bqgg", "summary": "Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92864", "scoring_system": "epss", "scoring_elements": "0.99769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92864", "scoring_system": "epss", "scoring_elements": "0.99771", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92864", "scoring_system": "epss", "scoring_elements": "0.99772", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.93657", "scoring_system": "epss", "scoring_elements": "0.99844", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93657", "scoring_system": "epss", "scoring_elements": "0.99841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.93657", "scoring_system": "epss", "scoring_elements": "0.99842", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.93657", "scoring_system": "epss", "scoring_elements": "0.99843", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-066", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-066" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163" }, { "reference_url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6" }, { "reference_url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0010" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938", "reference_id": "2253938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164", "reference_id": "CVE-2023-50164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164" }, { "reference_url": "https://github.com/advisories/GHSA-2j39-qcjm-428w", "reference_id": "GHSA-2j39-qcjm-428w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j39-qcjm-428w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61587?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-j8jv-hzsy-nyec" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/61588?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2" } ], "aliases": [ "CVE-2023-50164", "GHSA-2j39-qcjm-428w" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13718?format=api", "vulnerability_id": "VCID-hgj2-vqzn-gyeb", "summary": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99887", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99884", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99886", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99885", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99881", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99882", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.93956", "scoring_system": "epss", "scoring_elements": "0.99883", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220420-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220420-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788", "reference_id": "2074788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805", "reference_id": "CVE-2021-31805", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805" }, { "reference_url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c", "reference_id": "GHSA-v8j6-6c2r-r27c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49162?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30" } ], "aliases": [ "CVE-2021-31805", "GHSA-v8j6-6c2r-r27c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4641?format=api", "vulnerability_id": "VCID-j5su-cnqd-6yad", "summary": "Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95162", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95093", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95105", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95107", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95136", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95139", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95141", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95142", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95143", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95156", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364" }, { "reference_url": "http://struts.apache.org/docs/s2-029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-029.html" }, { "reference_url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066" }, { "reference_url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271" }, { "reference_url": "http://www.securityfocus.com/bid/85066", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/85066" }, { "reference_url": "http://www.securitytracker.com/id/1035271", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720", "reference_id": "1326720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785", "reference_id": "CVE-2016-0785", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785" }, { "reference_url": "https://github.com/advisories/GHSA-876p-4wgc-75rx", "reference_id": "GHSA-876p-4wgc-75rx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-876p-4wgc-75rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22085?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22241?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-0785", "GHSA-876p-4wgc-75rx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5su-cnqd-6yad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4629?format=api", "vulnerability_id": "VCID-mdde-pa5h-w7g4", "summary": "In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89325", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89307", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89298", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89295", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.8929", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89278", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89268", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89217", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89272", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89238", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02" }, { "reference_url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a" }, { "reference_url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9" }, { "reference_url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded" }, { "reference_url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2" }, { "reference_url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-050.html" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" }, { "reference_url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612" }, { "reference_url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100612" }, { "reference_url": "http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491", "reference_id": "1488491", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804", "reference_id": "CVE-2017-9804", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804" }, { "reference_url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4", "reference_id": "GHSA-x5x7-3v85-wpc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22262?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22240?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/24695?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/24696?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13" } ], "aliases": [ "CVE-2017-9804", "GHSA-x5x7-3v85-wpc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdde-pa5h-w7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4988?format=api", "vulnerability_id": "VCID-p9xh-frm5-8ucp", "summary": "The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to \"compromise internal state of an application\" via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89209", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89175", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.8918", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89184", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89096", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89151", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04514", "scoring_system": "epss", "scoring_elements": "0.89161", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1831" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d832747d647df343ed07a58b1b5e540a05a4d51b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1831", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1831" }, { "reference_url": "https://struts.apache.org/docs/s2-024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-024.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222515", "reference_id": "1222515", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222515" }, { "reference_url": "https://github.com/advisories/GHSA-q2cg-xf9p-h457", "reference_id": "GHSA-q2cg-xf9p-h457", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2cg-xf9p-h457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21163?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.1" } ], "aliases": [ "CVE-2015-1831", "GHSA-q2cg-xf9p-h457" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9xh-frm5-8ucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5001?format=api", "vulnerability_id": "VCID-sf53-bgb2-7ue2", "summary": "The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114" }, { "reference_url": "http://jvn.jp/en/jp/JVN12352818/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN12352818/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.9323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93232", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93226", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93219", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93214", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93181", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93247", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93225", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.9319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93198", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93197", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93169", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10357", "scoring_system": "epss", "scoring_elements": "0.93199", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348253", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348253" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152" }, { "reference_url": "https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9" }, { "reference_url": "https://struts.apache.org/docs/s2-041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-041.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.securityfocus.com/bid/91278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91278" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4465", "reference_id": "CVE-2016-4465", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4465" }, { "reference_url": "https://github.com/advisories/GHSA-xg75-68x3-7p3q", "reference_id": "GHSA-xg75-68x3-7p3q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xg75-68x3-7p3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22670?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/22671?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-5qtg-djvn-97ht" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zkg1-bed6-bbfv" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/24696?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13" } ], "aliases": [ "CVE-2016-4465", "GHSA-xg75-68x3-7p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sf53-bgb2-7ue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20221?format=api", "vulnerability_id": "VCID-tgd1-s1yg-9fdt", "summary": "Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07728", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0769", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07676", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07585", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07572", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07661", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07638", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07607", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07588", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07691", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-069", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-069" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/11/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559", "reference_id": "2428559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559" }, { "reference_url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7", "reference_id": "GHSA-qcfc-hmrc-59x7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/169006?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/61702?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1" } ], "aliases": [ "CVE-2025-68493", "GHSA-qcfc-hmrc-59x7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5094?format=api", "vulnerability_id": "VCID-vgp6-jxqt-pbf4", "summary": "The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110" }, { "reference_url": "http://jvn.jp/en/jp/JVN07710476/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN07710476/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.9836", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98334", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98341", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98346", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.9835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98353", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98351", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98356", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.98357", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c" }, { "reference_url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d" }, { "reference_url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c" }, { "reference_url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b" }, { "reference_url": "https://struts.apache.org/docs/s2-037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-037.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.securityfocus.com/bid/91275", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91275" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438", "reference_id": "CVE-2016-4438", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438" }, { "reference_url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr", "reference_id": "GHSA-4prj-vw9j-v6pr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22670?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4438", "GHSA-4prj-vw9j-v6pr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgp6-jxqt-pbf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4915?format=api", "vulnerability_id": "VCID-y4qu-21c9-6fav", "summary": "When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92253", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92184", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92215", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92221", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92222", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.9223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92231", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92235", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92236", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92232", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92242", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2" }, { "reference_url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9" }, { "reference_url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180706-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180706-0002/" }, { "reference_url": "http://struts.apache.org/docs/s2-049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-049.html" }, { "reference_url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115" }, { "reference_url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99562" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608", "reference_id": "1480608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787", "reference_id": "CVE-2017-9787", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787" }, { "reference_url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx", "reference_id": "GHSA-8mr5-h28g-36qx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24324?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/24325?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-9787", "GHSA-8mr5-h28g-36qx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y4qu-21c9-6fav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13896?format=api", "vulnerability_id": "VCID-y5uq-a6dx-3yd4", "summary": "Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69205", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69066", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69248", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69104", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69082", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69225", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69208", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69178", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.6917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69131", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.6916", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69176", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69154", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-5055" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2012/Mar/110", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2012/Mar/110" }, { "reference_url": "https://struts.apache.org/security/#internal-security-mechanism", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/security/#internal-security-mechanism" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1592" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml" }, { "reference_url": "https://www.securityfocus.com/bid/52702/info", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/52702/info" }, { "reference_url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf", "reference_id": "GHSA-8m5q-crqq-6pmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41963?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2012-1592", "GHSA-8m5q-crqq-6pmf" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uq-a6dx-3yd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4798?format=api", "vulnerability_id": "VCID-ygbu-vb2t-jqhx", "summary": "Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90416", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90428", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90413", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90503", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90485", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90474", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90478", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90465", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90467", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90468", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.9046", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90453", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90433", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5" }, { "reference_url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436" }, { "reference_url": "https://struts.apache.org/docs/s2-035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-035.html" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233", "reference_id": "1348233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233" }, { "reference_url": "https://github.com/advisories/GHSA-xm92-v2mq-842q", "reference_id": "GHSA-xm92-v2mq-842q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xm92-v2mq-842q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22670?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/22671?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-5qtg-djvn-97ht" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-zkg1-bed6-bbfv" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" } ], "aliases": [ "CVE-2016-4436", "GHSA-xm92-v2mq-842q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygbu-vb2t-jqhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54810?format=api", "vulnerability_id": "VCID-zxww-8kb3-tufv", "summary": "Improper Preservation of Permissions in Apache Struts\nAn access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.92002", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91989", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91975", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91981", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91976", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91979", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91966", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91924", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.91967", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.9194", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-060", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-060" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682", "reference_id": "1869682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682" }, { "reference_url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm", "reference_id": "GHSA-ccp5-gg58-pxfm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41963?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0233", "GHSA-ccp5-gg58-pxfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxww-8kb3-tufv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5076?format=api", "vulnerability_id": "VCID-2v7h-fght-cugn", "summary": "Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.", "references": [ { "reference_url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html" }, { "reference_url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91863", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91828", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91824", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91845", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91839", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91844", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91852", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91781", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.9179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91804", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809" }, { "reference_url": "http://struts.apache.org/docs/s2-023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-023.html" }, { "reference_url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309" }, { "reference_url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548" }, { "reference_url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/534175/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/534175/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/71548", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71548" }, { "reference_url": "http://www.securitytracker.com/id/1031309", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1031309" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133", "reference_id": "1172133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h4v9-jf2r-9h6m", "reference_id": "GHSA-h4v9-jf2r-9h6m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4v9-jf2r-9h6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-7809", "GHSA-h4v9-jf2r-9h6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2v7h-fght-cugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55501?format=api", "vulnerability_id": "VCID-8mws-fbmg-cqa9", "summary": "Cross-site Scripting in Apache Struts\nWhen the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. \n\nIt is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.\n\nStruts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher if turning off debug mode is not possible.", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN88408929/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN88408929/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.77009", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76939", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76944", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76969", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76989", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76979", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76834", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76841", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76853", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76884", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76902", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.76897", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-025", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-025" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/Security", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/Security" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200330-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200330-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200330-0001/" }, { "reference_url": "http://www.securityfocus.com/bid/76624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101", "reference_id": "1260101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101" }, { "reference_url": "https://github.com/advisories/GHSA-265r-pp83-gww7", "reference_id": "GHSA-265r-pp83-gww7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-265r-pp83-gww7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-2992", "GHSA-265r-pp83-gww7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mws-fbmg-cqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5047?format=api", "vulnerability_id": "VCID-h4yg-zrv6-aqa1", "summary": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" }, { "reference_url": "http://jvn.jp/en/jp/JVN19294237/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN19294237/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99673", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99666", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99668", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.9967", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99671", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99672", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91424", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" }, { "reference_url": "https://github.com/advisories/GHSA-prjv-jj26-wf8h", "reference_id": "GHSA-prjv-jj26-wf8h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prjv-jj26-wf8h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20586?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-2v7h-fght-cugn" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-8mws-fbmg-cqa9" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-me84-wy85-hkf5" }, { "vulnerability": "VCID-tcaj-6bcg-k7g2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zb3c-gnyc-yug8" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0112", "GHSA-prjv-jj26-wf8h" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4yg-zrv6-aqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8195?format=api", "vulnerability_id": "VCID-me84-wy85-hkf5", "summary": "Cross-Site Scripting vulnerability on \"Problem Report\" screen\nWhen Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN95989300/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN95989300/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.79005", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78886", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.789", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78891", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78919", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78914", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78944", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78952", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78984", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78844", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.7885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.78879", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" }, { "reference_url": "https://struts.apache.org/docs/s2-025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-025.html" }, { "reference_url": "http://www.securityfocus.com/bid/76625", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/76625" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-vwhv-j36g-5rm8", "reference_id": "GHSA-vwhv-j36g-5rm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwhv-j36g-5rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-5169", "GHSA-vwhv-j36g-5rm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-me84-wy85-hkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4820?format=api", "vulnerability_id": "VCID-n2dn-bnjc-13gp", "summary": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99219", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99211", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99212", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99214", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99215", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99218", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.99209", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.82051", "scoring_system": "epss", "scoring_elements": "0.9921", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201", "reference_id": "1092201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201" }, { "reference_url": "https://github.com/advisories/GHSA-3c5c-xrq4-qhr8", "reference_id": "GHSA-3c5c-xrq4-qhr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c5c-xrq4-qhr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20586?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-2v7h-fght-cugn" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-8mws-fbmg-cqa9" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-me84-wy85-hkf5" }, { "vulnerability": "VCID-tcaj-6bcg-k7g2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zb3c-gnyc-yug8" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0113", "GHSA-3c5c-xrq4-qhr8" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2dn-bnjc-13gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15580?format=api", "vulnerability_id": "VCID-tcaj-6bcg-k7g2", "summary": "Improper Input Validation\nThe TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84511", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.8433", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84365", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84389", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84395", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84406", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84425", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84427", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84453", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84462", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84466", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84485", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0005/" }, { "reference_url": "https://struts.apache.org/docs/s2-027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-027.html" }, { "reference_url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131" }, { "reference_url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267" }, { "reference_url": "https://www.securitytracker.com/id/1035267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securitytracker.com/id/1035267" }, { "reference_url": "http://www.securityfocus.com/bid/85131", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/85131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090", "reference_id": "CVE-2016-3090", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090" }, { "reference_url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r", "reference_id": "GHSA-ggmp-fxfg-277r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2016-3090", "GHSA-ggmp-fxfg-277r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcaj-6bcg-k7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4906?format=api", "vulnerability_id": "VCID-zb3c-gnyc-yug8", "summary": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86265", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86196", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86202", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86215", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86225", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86244", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.8614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86171", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86179", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116" }, { "reference_url": "http://struts.apache.org/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-022.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116" }, { "reference_url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558", "reference_id": "1094558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" }, { "reference_url": "https://github.com/advisories/GHSA-hmhq-382q-mp56", "reference_id": "GHSA-hmhq-382q-mp56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmhq-382q-mp56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20665?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-2v7h-fght-cugn" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-8mws-fbmg-cqa9" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-me84-wy85-hkf5" }, { "vulnerability": "VCID-tcaj-6bcg-k7g2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/20924?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chz-36wn-9fcv" }, { "vulnerability": "VCID-2rjv-1thm-dugt" }, { "vulnerability": "VCID-3yq7-n972-j7dh" }, { "vulnerability": "VCID-4agy-6nsx-7ufh" }, { "vulnerability": "VCID-579w-2k2v-efa2" }, { "vulnerability": "VCID-6hrc-fm64-ckhf" }, { "vulnerability": "VCID-74ab-1p1c-4qbd" }, { "vulnerability": "VCID-79j9-v8gz-rfax" }, { "vulnerability": "VCID-7c97-nj5a-hqb8" }, { "vulnerability": "VCID-7fgd-jnfe-gkhp" }, { "vulnerability": "VCID-87fh-rvvb-6ubq" }, { "vulnerability": "VCID-8bsh-bshc-vkgq" }, { "vulnerability": "VCID-95ts-vpk6-uubg" }, { "vulnerability": "VCID-at5c-f8p8-67fh" }, { "vulnerability": "VCID-b7zy-qhz9-tuar" }, { "vulnerability": "VCID-bgbt-j1n9-6yg5" }, { "vulnerability": "VCID-cm62-bsdz-yye2" }, { "vulnerability": "VCID-czjh-bpfk-3yh6" }, { "vulnerability": "VCID-dk2f-14xj-9bf8" }, { "vulnerability": "VCID-gfxq-vtry-bqgg" }, { "vulnerability": "VCID-hgj2-vqzn-gyeb" }, { "vulnerability": "VCID-j5su-cnqd-6yad" }, { "vulnerability": "VCID-mdde-pa5h-w7g4" }, { "vulnerability": "VCID-p9xh-frm5-8ucp" }, { "vulnerability": "VCID-sf53-bgb2-7ue2" }, { "vulnerability": "VCID-tgd1-s1yg-9fdt" }, { "vulnerability": "VCID-vgp6-jxqt-pbf4" }, { "vulnerability": "VCID-y4qu-21c9-6fav" }, { "vulnerability": "VCID-y5uq-a6dx-3yd4" }, { "vulnerability": "VCID-ygbu-vb2t-jqhx" }, { "vulnerability": "VCID-zxww-8kb3-tufv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0116", "GHSA-hmhq-382q-mp56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zb3c-gnyc-yug8" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" }