) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:apache:struts:1.3.7
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-34396 |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater Published: June 14, 2023; 4:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-34149 |
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. Published: June 14, 2023; 4:15:09 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2016-1182 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. Published: July 04, 2016; 6:59:02 PM -0400 |
V3.0: 8.2 HIGH V2.0: 6.4 MEDIUM |
| CVE-2016-1181 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. Published: July 04, 2016; 6:59:01 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |