{"url":"http://public2.vulnerablecode.io/api/packages/32385?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.0","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.8.0","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=json","vulnerability_id":"VCID-579w-2k2v-efa2","summary":"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611","reference_id":"","reference_type":"","scores":[{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99928","published_at":"2026-05-05T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99925","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"},{"reference_url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"},{"reference_url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"},{"reference_url":"https://struts.apache.org/docs/s2-053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-053.html"},{"reference_url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478","reference_id":"1489478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*"},{"reference_url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611","reference_id":"CVE-2017-12611","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611"},{"reference_url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm","reference_id":"GHSA-8fx9-5hx8-crhm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24323?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/77954?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/24325?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-12611","GHSA-8fx9-5hx8-crhm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4813?format=json","vulnerability_id":"VCID-5qtg-djvn-97ht","summary":"In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8738","reference_id":"","reference_type":"","scores":[{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78299","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78113","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.7811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78144","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78137","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78176","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78191","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.7823","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78247","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78257","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78055","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78093","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01107","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8738"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0003/"},{"reference_url":"https://struts.apache.org/docs/s2-044.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-044.html"},{"reference_url":"http://www.securityfocus.com/bid/94657","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94657"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8738","reference_id":"CVE-2016-8738","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8738"},{"reference_url":"https://github.com/advisories/GHSA-86vq-8qhc-5rqw","reference_id":"GHSA-86vq-8qhc-5rqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86vq-8qhc-5rqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24328?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/24696?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13"}],"aliases":["CVE-2016-8738","GHSA-86vq-8qhc-5rqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qtg-djvn-97ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5135?format=json","vulnerability_id":"VCID-74ab-1p1c-4qbd","summary":"In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6795","reference_id":"","reference_type":"","scores":[{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89839","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89831","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89835","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89824","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89796","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89795","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89787","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89729","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89779","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89772","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89733","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05049","scoring_system":"epss","scoring_elements":"0.89747","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6795"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129"},{"reference_url":"https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab"},{"reference_url":"https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0003/"},{"reference_url":"https://struts.apache.org/docs/s2-042.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-042.html"},{"reference_url":"https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773"},{"reference_url":"http://www.securityfocus.com/bid/93773","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93773"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6795","reference_id":"CVE-2016-6795","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6795"},{"reference_url":"https://github.com/advisories/GHSA-44hv-jjx7-qfjg","reference_id":"GHSA-44hv-jjx7-qfjg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44hv-jjx7-qfjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24327?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-5qtg-djvn-97ht"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5"}],"aliases":["CVE-2016-6795","GHSA-44hv-jjx7-qfjg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74ab-1p1c-4qbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4648?format=json","vulnerability_id":"VCID-7c97-nj5a-hqb8","summary":"","references":[{"reference_url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"},{"reference_url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5638","reference_id":"","reference_type":"","scores":[{"value":"0.94267","scoring_system":"epss","scoring_elements":"0.99939","published_at":"2026-05-09T12:55:00Z"},{"value":"0.94267","scoring_system":"epss","scoring_elements":"0.99937","published_at":"2026-04-24T12:55:00Z"},{"value":"0.94267","scoring_system":"epss","scoring_elements":"0.99936","published_at":"2026-04-04T12:55:00Z"},{"value":"0.94267","scoring_system":"epss","scoring_elements":"0.99938","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5638"},{"reference_url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-045","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-045"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-046","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-046"},{"reference_url":"https://exploit-db.com/exploits/41570","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://exploit-db.com/exploits/41570"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b"},{"reference_url":"https://github.com/mazen160/struts-pwn","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://github.com/mazen160/struts-pwn"},{"reference_url":"https://github.com/rapid7/metasploit-framework/issues/8064","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://github.com/rapid7/metasploit-framework/issues/8064"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us"},{"reference_url":"https://isc.sans.edu/diary/22169","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://isc.sans.edu/diary/22169"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"},{"reference_url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html"},{"reference_url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt"},{"reference_url":"https://security.netapp.com/advisory/ntap-20170310-0001","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20170310-0001"},{"reference_url":"https://struts.apache.org/docs/s2-045.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://struts.apache.org/docs/s2-045.html"},{"reference_url":"https://struts.apache.org/docs/s2-046.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://struts.apache.org/docs/s2-046.html"},{"reference_url":"https://support.lenovo.com/us/en/product_security/len-14200","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://support.lenovo.com/us/en/product_security/len-14200"},{"reference_url":"https://twitter.com/theog150/status/841146956135124993","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://twitter.com/theog150/status/841146956135124993"},{"reference_url":"https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729"},{"reference_url":"https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638"},{"reference_url":"https://www.exploit-db.com/exploits/41614","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41614"},{"reference_url":"https://www.kb.cert.org/vuls/id/834067","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.kb.cert.org/vuls/id/834067"},{"reference_url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt"},{"reference_url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.securityfocus.com/bid/96729","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.securityfocus.com/bid/96729"},{"reference_url":"http://www.securitytracker.com/id/1037973","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.securitytracker.com/id/1037973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1430326","reference_id":"1430326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1430326"},{"reference_url":"https://www.exploit-db.com/exploits/41614/","reference_id":"41614","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.exploit-db.com/exploits/41614/"},{"reference_url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/","reference_id":"critical-vulnerability-under-massive-attack-imperils-high-impact-sites","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/"},{"reference_url":"https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5638","reference_id":"CVE-2017-5638","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5638"},{"reference_url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","reference_id":"cve-2017-5638-apache-struts-vulnerability-remote-code-execution","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"},{"reference_url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","reference_id":"cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/"},{"reference_url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2","reference_id":"CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2"},{"reference_url":"https://github.com/advisories/GHSA-j77q-2qqg-6989","reference_id":"GHSA-j77q-2qqg-6989","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j77q-2qqg-6989"},{"reference_url":"https://security.netapp.com/advisory/ntap-20170310-0001/","reference_id":"ntap-20170310-0001","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20170310-0001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24323?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"}],"aliases":["CVE-2017-5638","GHSA-j77q-2qqg-6989"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c97-nj5a-hqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23630?format=json","vulnerability_id":"VCID-j8jv-hzsy-nyec","summary":"Apache Struts is Vulnerable to DoS via File Leak\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64775","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30484","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30476","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37928","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37852","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37875","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41274","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41278","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41277","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41248","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41176","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49557","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64775"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-068","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:22:57Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-068"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/01/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/01/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418059","reference_id":"2418059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64775","reference_id":"CVE-2025-64775","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64775"},{"reference_url":"https://github.com/advisories/GHSA-xx7v-hqxh-cjr9","reference_id":"GHSA-xx7v-hqxh-cjr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx7v-hqxh-cjr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66570?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/66571?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1"}],"aliases":["CVE-2025-64775","GHSA-xx7v-hqxh-cjr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8jv-hzsy-nyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4629?format=json","vulnerability_id":"VCID-mdde-pa5h-w7g4","summary":"In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.  NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9804","reference_id":"","reference_type":"","scores":[{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89367","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89347","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89336","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89325","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89307","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89295","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.8929","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89278","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89268","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89272","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89258","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89241","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89238","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89217","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9804"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02"},{"reference_url":"https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a"},{"reference_url":"https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9"},{"reference_url":"https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded"},{"reference_url":"https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2"},{"reference_url":"https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0001/"},{"reference_url":"https://struts.apache.org/docs/s2-050.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-050.html"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2"},{"reference_url":"https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612"},{"reference_url":"https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/100612","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100612"},{"reference_url":"http://www.securitytracker.com/id/1039261","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488491","reference_id":"1488491","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488491"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9804","reference_id":"CVE-2017-9804","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9804"},{"reference_url":"https://github.com/advisories/GHSA-x5x7-3v85-wpc4","reference_id":"GHSA-x5x7-3v85-wpc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5x7-3v85-wpc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24696?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13"}],"aliases":["CVE-2017-9804","GHSA-x5x7-3v85-wpc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdde-pa5h-w7g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5001?format=json","vulnerability_id":"VCID-sf53-bgb2-7ue2","summary":"The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114"},{"reference_url":"http://jvn.jp/en/jp/JVN12352818/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN12352818/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4465","reference_id":"","reference_type":"","scores":[{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.9328","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93199","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93197","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93198","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93214","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93219","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93226","published_at":"2026-04-21T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93232","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.9323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93225","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93233","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93247","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93256","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93264","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93169","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10357","scoring_system":"epss","scoring_elements":"0.93178","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348253","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348253"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/a0fdca138feec2c2e94eb75ca1f8b76678b4d152"},{"reference_url":"https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9"},{"reference_url":"https://struts.apache.org/docs/s2-041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-041.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.securityfocus.com/bid/91278","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91278"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4465","reference_id":"CVE-2016-4465","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4465"},{"reference_url":"https://github.com/advisories/GHSA-xg75-68x3-7p3q","reference_id":"GHSA-xg75-68x3-7p3q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg75-68x3-7p3q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22671?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-5qtg-djvn-97ht"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/24696?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13"}],"aliases":["CVE-2016-4465","GHSA-xg75-68x3-7p3q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf53-bgb2-7ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20221?format=json","vulnerability_id":"VCID-tgd1-s1yg-9fdt","summary":"Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07816","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07799","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07728","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07588","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07607","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07638","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07661","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07712","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07615","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07585","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09878","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-069","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-069"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/11/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/11/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559","reference_id":"2428559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559"},{"reference_url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7","reference_id":"GHSA-qcfc-hmrc-59x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61702?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1"}],"aliases":["CVE-2025-68493","GHSA-qcfc-hmrc-59x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4915?format=json","vulnerability_id":"VCID-y4qu-21c9-6fav","summary":"When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9787","reference_id":"","reference_type":"","scores":[{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92291","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92184","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92221","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.9223","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92231","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92235","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92236","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92232","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92242","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92253","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92261","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92265","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08229","scoring_system":"epss","scoring_elements":"0.92272","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9787"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2"},{"reference_url":"https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9"},{"reference_url":"https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0002/"},{"reference_url":"http://struts.apache.org/docs/s2-049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-049.html"},{"reference_url":"https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115"},{"reference_url":"https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/99562","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99562"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480608","reference_id":"1480608","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9787","reference_id":"CVE-2017-9787","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9787"},{"reference_url":"https://github.com/advisories/GHSA-8mr5-h28g-36qx","reference_id":"GHSA-8mr5-h28g-36qx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mr5-h28g-36qx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24325?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-9787","GHSA-8mr5-h28g-36qx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4qu-21c9-6fav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4846?format=json","vulnerability_id":"VCID-zkg1-bed6-bbfv","summary":"If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7672","reference_id":"","reference_type":"","scores":[{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80255","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.8005","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.8004","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80068","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.8008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80072","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.8013","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80151","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80186","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80201","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80198","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80213","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80021","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01346","scoring_system":"epss","scoring_elements":"0.80028","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7672"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b"},{"reference_url":"https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180706-0002/"},{"reference_url":"http://struts.apache.org/docs/s2-047.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-047.html"},{"reference_url":"https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114"},{"reference_url":"https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/99563","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480614","reference_id":"1480614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7672","reference_id":"CVE-2017-7672","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7672"},{"reference_url":"https://github.com/advisories/GHSA-9gp7-jvm2-r4mx","reference_id":"GHSA-9gp7-jvm2-r4mx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gp7-jvm2-r4mx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24325?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-7672","GHSA-9gp7-jvm2-r4mx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkg1-bed6-bbfv"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.0"}