Apache Struts vulnerabilities

CVE-2013-2251 [CRITICAL] CWE-74 CVE-2013-2251: Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

CVE-2013-2248 [MEDIUM] CWE-20 CVE-2013-2248: Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

CVE-2013-2135 [CRITICAL] CWE-94 CVE-2013-2135: Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

CVE-2013-2134 [CRITICAL] CWE-94 CVE-2013-2134: Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

CVE-2013-1966 [CRITICAL] CWE-94 CVE-2013-1966: Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

CVE-2013-1965 [CRITICAL] CWE-94 CVE-2013-1965: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

CVE-2013-2115 [HIGH] CVE-2013-2115: Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

CVE-2012-4386 [MEDIUM] CWE-352 CVE-2012-4386: The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.

CVE-2012-4387 [MEDIUM] CWE-264 CVE-2012-4387: Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumpt Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

CVE-2012-0838 [CRITICAL] CWE-20 CVE-2012-0838: Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a con Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

CVE-2012-1006 [MEDIUM] CWE-79 CVE-2012-1006: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote a Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

CVE-2012-1007 [MEDIUM] CWE-79 CVE-2012-1007: Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers t Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

CVE-2012-0391 [CRITICAL] CWE-20 CVE-2012-0391: The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVE-2011-5057 [MEDIUM] CWE-264 CVE-2011-5057: Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, Req

CVE-2012-0392 [MEDIUM] CVE-2012-0392: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.

CVE-2012-0393 [MEDIUM] CWE-264 CVE-2012-0393: The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.

CVE-2012-0394 [MEDIUM] CWE-94 CVE-2012-0394: The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.

CVE-2011-2088 [MEDIUM] CVE-2011-2088: XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote at XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.

CVE-2011-2087 [MEDIUM] CWE-79 CVE-2011-2087: Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenH

CVE-2011-1772 [LOW] CWE-79 CVE-2011-1772: Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.