This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:struts:2.0.13

Detail
Vendor: Apache | First view: 2010-08-17
Product: Struts | Last view: 2014-05-08
Version: 2.0.13 | Type: Application
Edition:
Language:
Update:

CPE Product: cpe:/a:apache:struts

Activity : Overall

Related : CVE

Score Date Alert Access Vector Access Complexity Authentication
5.8 2014-05-08 CVE-2014-0116 Network Medium None Requ...
7.5 2014-04-29 CVE-2014-0113 Network Low None Requ...
7.5 2014-04-29 CVE-2014-0112 Network Low None Requ...
5 2014-03-11 CVE-2014-0094 Network Low None Requ...
10 2013-09-30 CVE-2013-4316 Network Low None Requ...
5.8 2013-09-30 CVE-2013-4310 Network Medium None Requ...
9.3 2013-07-19 CVE-2013-2251 Network Medium None Requ...
5.8 2013-07-19 CVE-2013-2248 Network Medium None Requ...
9.3 2013-07-16 CVE-2013-2135 Network Medium None Requ...
9.3 2013-07-16 CVE-2013-2134 Network Medium None Requ...
9.3 2013-07-10 CVE-2013-2115 Network Medium None Requ...
9.3 2013-07-10 CVE-2013-1966 Network Medium None Requ...
9.3 2013-07-10 CVE-2013-1965 Network Medium None Requ...
5 2012-09-05 CVE-2012-4387 Network Low None Requ...
6.8 2012-09-05 CVE-2012-4386 Network Medium None Requ...
6.8 2012-01-08 CVE-2012-0394 Network Medium None Requ...
6.4 2012-01-08 CVE-2012-0393 Network Low None Requ...
9.3 2012-01-08 CVE-2012-0392 Network Medium None Requ...
9.3 2012-01-08 CVE-2012-0391 Network Medium None Requ...
5 2012-01-08 CVE-2011-5057 Network Low None Requ...
4.3 2011-05-13 CVE-2011-2087 Network Medium None Requ...
2.6 2011-05-13 CVE-2011-1772 Network High None Requ...
5 2010-08-17 CVE-2010-1870 Network Low None Requ...

CWE : Common Weakness Enumeration

% id Name
38% (8) CWE-264 Permissions, Privileges, and Access Controls
28% (6) CWE-94 Failure to Control Generation of Code ('Code Injection')
14% (3) CWE-20 Improper Input Validation
9% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (1) CWE-352 Cross-Site Request Forgery (CSRF)
4% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
78277 Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Exec...
78276 Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remot...
78109 Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
78108 Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
77599 Struts2 SessionAware / RequestAware Request Parsing Session Map Manipulation
73600 Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Pa...
72238 Apache Struts Action / Method Names <s:submit> Tag XWork Error Pages XSS
66280 Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution

ExploitDB Exploits

id Description
14360 Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

Metasploit Exploits

id Description
2012-01-06 Apache Struts Remote Command Execution
2010-07-13 Apache Struts Remote Command Execution
2013-05-24 Apache Struts includeParams Remote Code Execution
2014-03-06 Apache Struts ClassLoader Manipulation Remote Code Execution
2012-01-06 Apache Struts 2 Developer Mode OGNL Execution
2013-07-02 Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

OpenVAS Exploits

id Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2010-12-21 Name : Apache Struts2/XWork Remote Command Execution Vulnerability
File : nvt/gb_apache_struts_xwork_cmd_exec_vuln.nasl
2010-09-10 Name : Struts Remote Command Execution Vulnerability
File : nvt/gb_apache_struts_remote_cmd_exec_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0090 Multiple Vulnerabilities in VMware vCenter Operations
Severity : Category I - VMSKEY : V0052895
2014-A-0066 Apache Struts Security Bypass Vulnerability
Severity : Category I - VMSKEY : V0050231
2014-A-0061 Multiple Vulnerabilities in Apache Struts
Severity : Category I - VMSKEY : V0050007
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0043395
2014-A-0011 Multiple Vulnerabilities in Oracle MySQL Products
Severity : Category I - VMSKEY : V0043399
2013-A-0201 Multiple Vulnerabilities in Oracle MySQL Products
Severity : Category I - VMSKEY : V0040782
2013-A-0183 Multiple Vulnerabilities in Apache Struts
Severity : Category I - VMSKEY : V0040489
2012-B-0086 VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-06-12 Apache Struts CookieInterceptor classloader access attempt
RuleID : 30944 - Type : SERVER-APACHE - Revision : 1
2014-05-25 Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30793 - Type : SERVER-APACHE - Revision : 1
2014-05-25 Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30792 - Type : SERVER-APACHE - Revision : 2
2014-05-25 Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30791 - Type : SERVER-APACHE - Revision : 1
2014-05-25 Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30790 - Type : SERVER-APACHE - Revision : 2
2014-03-27 Apache Struts remote code execution attempt - CookieInterceptor
RuleID : 29936 - Type : SERVER-APACHE - Revision : 1
2014-03-22 Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 29859 - Type : SERVER-APACHE - Revision : 1
2014-03-15 Apache Struts2 blacklisted method redirect
RuleID : 29748 - Type : SERVER-APACHE - Revision : 1
2014-03-15 Apache Struts2 blacklisted method redirect
RuleID : 29747 - Type : SERVER-APACHE - Revision : 1
2014-03-13 Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 29639 - Type : SERVER-APACHE - Revision : 1
2014-03-06 Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 29592 - Type : SERVER-APACHE - Revision : 1
2014-01-10 Apache Struts arbitrary OGNL remote code execution attempt
RuleID : 27575 - Type : SERVER-APACHE - Revision : 2
2014-01-10 Apache Struts OGNL getRuntime.exec static method access attempt
RuleID : 27574 - Type : SERVER-APACHE - Revision : 2
2014-01-10 Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 27573 - Type : SERVER-APACHE - Revision : 2
2014-01-10 Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 27572 - Type : SERVER-APACHE - Revision : 2
2014-01-10 Apache Struts2 remote code execution attempt
RuleID : 27245 - Type : SERVER-APACHE - Revision : 2
2014-01-10 Apache Struts2 blacklisted method redirect
RuleID : 27244 - Type : SERVER-APACHE - Revision : 5
2014-01-10 Apache Struts2 blacklisted method redirectAction
RuleID : 27243 - Type : SERVER-APACHE - Revision : 5
2014-01-10 Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 26825 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 26824 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Apache Struts2 skillName remote code execution attempt
RuleID : 26772 - Type : SERVER-OTHER - Revision : 2
2014-01-10 Apache Struts remote code execution attempt - POST parameter
RuleID : 23631 - Type : SERVER-APACHE - Revision : 3
2014-01-10 Apache Struts remote code execution attempt - GET parameter
RuleID : 21656 - Type : SERVER-APACHE - Revision : 4
2014-01-10 Apache Struts remote code execution attempt - DebuggingInterceptor
RuleID : 21075 - Type : SERVER-APACHE - Revision : 4
2014-01-10 Apache Struts remote code execution attempt - CookieInterceptor
RuleID : 21074 - Type : SERVER-APACHE - Revision : 5

Nessus® Vulnerability Scanner

id Description
2014-07-07 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2014-0007.nasl - Type : ACT_GATHER_INFO
2014-06-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-140527.nasl - Type : ACT_GATHER_INFO
2014-05-09 Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_3.nasl - Type : ACT_GATHER_INFO
2014-04-29 Name : The remote web server hosts an application that is affected by multiple vulne...
File : archiva_1_3_8.nasl - Type : ACT_GATHER_INFO
2014-04-29 Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_2_dos.nasl - Type : ACT_DENIAL
2014-03-26 Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_1_classloader_manipulation.nasl - Type : ACT_ATTACK
2013-09-27 Name : The remote web server contains a web application that uses a Java framework, ...
File : struts_2_3_15_2.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote web server contains a web application that uses a Java framework, ...
File : struts_exceptiondelegator_command_execution.nasl - Type : ACT_ATTACK
2013-07-29 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote web server contains a web application that uses a Java framework, ...
File : struts_2_3_15_1_command_execution.nasl - Type : ACT_ATTACK
2013-06-19 Name : The remote web server contains a web application that uses a Java framework, ...
File : struts_2_3_14_2_command_execution.nasl - Type : ACT_ATTACK
2013-06-19 Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_14_3_command_execution.nasl - Type : ACT_ATTACK
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : A remote web application uses a framework that is affected by code execution ...
File : struts_xwork_ognl_code_execution_safe1.nasl - Type : ACT_ATTACK
2010-07-29 Name : A remote web application uses a framework that has a code execution vulnerabi...
File : struts_xwork_ognl_code_execution_safe.nasl - Type : ACT_ATTACK