This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:apache:struts:2.0.13
Detail
Vendor: Apache | First view: 2010-08-17
Product: Struts | Last view: 2016-06-07
Version: 2.0.13 | Type: Application
Edition:
Language:
Update:

CPE Product: cpe:/a:apache:struts


Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score | Date | Alert | Access Vector | Access Complexity | Authentication
5 | 2016-06-07 | CVE-2016-3093 | Network | Low | None Requ...
10 | 2016-04-26 | CVE-2016-3082 | Network | Low | None Requ...
9.3 | 2016-04-26 | CVE-2016-3081 | Network | Medium | None Requ...
4.3 | 2016-04-12 | CVE-2016-4003 | Network | Medium | None Requ...
4.3 | 2016-04-12 | CVE-2016-2162 | Network | Medium | None Requ...
10 | 2016-04-12 | CVE-2016-0785 | Network | Low | None Requ...
6.8 | 2014-12-10 | CVE-2014-7809 | Network | Medium | None Requ...
5.8 | 2014-05-08 | CVE-2014-0116 | Network | Medium | None Requ...
7.5 | 2014-04-29 | CVE-2014-0113 | Network | Low | None Requ...
7.5 | 2014-04-29 | CVE-2014-0112 | Network | Low | None Requ...
5 | 2014-03-11 | CVE-2014-0094 | Network | Low | None Requ...
10 | 2013-09-30 | CVE-2013-4316 | Network | Low | None Requ...
5.8 | 2013-09-30 | CVE-2013-4310 | Network | Medium | None Requ...
9.3 | 2013-07-19 | CVE-2013-2251 | Network | Medium | None Requ...
5.8 | 2013-07-19 | CVE-2013-2248 | Network | Medium | None Requ...
9.3 | 2013-07-16 | CVE-2013-2135 | Network | Medium | None Requ...
9.3 | 2013-07-16 | CVE-2013-2134 | Network | Medium | None Requ...
9.3 | 2013-07-10 | CVE-2013-2115 | Network | Medium | None Requ...
9.3 | 2013-07-10 | CVE-2013-1966 | Network | Medium | None Requ...
9.3 | 2013-07-10 | CVE-2013-1965 | Network | Medium | None Requ...
5 | 2012-09-05 | CVE-2012-4387 | Network | Low | None Requ...
6.8 | 2012-09-05 | CVE-2012-4386 | Network | Medium | None Requ...
10 | 2012-03-02 | CVE-2012-0838 | Network | Low | None Requ...
6.8 | 2012-01-08 | CVE-2012-0394 | Network | Medium | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
27% (8) | CWE-264 | Permissions, Privileges, and Access Controls
24% (7) | CWE-20 | Improper Input Validation
20% (6) | CWE-94 | Failure to Control Generation of Code ('Code Injection')
13% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (2) | CWE-352 | Cross-Site Request Forgery (CSRF)
3% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma...
3% (1) | CWE-16 | Configuration

SAINT Exploits

Description | Link
Apache Struts DefaultActionMapper redirect Prefix Vulnerability | More info here
Apache Struts 2 ConversionErrorInterceptor Java Injection | More info here
Apache Struts2 XWork ParameterInterceptor security bypass | More info here
Apache Struts URL includeParams Attribute OGNL Code Injection | More info here
Apache Struts Dynamic Method Invocation command execution | More info here

Open Source Vulnerability Database (OSVDB)

id | Description
78277 | Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Exec...
78276 | Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remot...
78109 | Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
78108 | Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
77599 | Struts2 SessionAware / RequestAware Request Parsing Session Map Manipulation
73600 | Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Pa...
72238 | Apache Struts Action / Method Names <s:submit> Tag XWork Error Pages XSS
66280 | Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution

ExploitDB Exploits

id | Description
14360 | Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

OpenVAS Exploits

id | Description
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-03-13 | Name : Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
File : nvt/gb_apache_struts_showcase_java_method_exec_vuln.nasl
2010-12-21 | Name : Apache Struts2/XWork Remote Command Execution Vulnerability
File : nvt/gb_apache_struts_xwork_cmd_exec_vuln.nasl
2010-09-10 | Name : Struts Remote Command Execution Vulnerability
File : nvt/gb_apache_struts_remote_cmd_exec_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id | Description
2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0061081
2015-B-0083 | Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity : Category I - VMSKEY : V0060983
2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations
Severity : Category I - VMSKEY : V0052895
2014-A-0066 | Apache Struts Security Bypass Vulnerability
Severity : Category I - VMSKEY : V0050231
2014-A-0061 | Multiple Vulnerabilities in Apache Struts
Severity : Category I - VMSKEY : V0050007
2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0043395
2014-A-0011 | Multiple Vulnerabilities in Oracle MySQL Products
Severity : Category I - VMSKEY : V0043399
2013-A-0201 | Multiple Vulnerabilities in Oracle MySQL Products
Severity : Category I - VMSKEY : V0040782
2013-A-0183 | Multiple Vulnerabilities in Apache Struts
Severity : Category I - VMSKEY : V0040489
2012-B-0086 | VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description
2016-06-22 | Apache Struts I18NInterceptor locale object cross site scripting attempt
RuleID : 38990 - Type : SERVER-WEBAPP - Revision : 1
2014-06-12 | Apache Struts CookieInterceptor classloader access attempt
RuleID : 30944 - Type : SERVER-APACHE - Revision : 3
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30793 - Type : SERVER-APACHE - Revision : 3
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30792 - Type : SERVER-APACHE - Revision : 4
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30791 - Type : SERVER-APACHE - Revision : 3
2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt
RuleID : 30790 - Type : SERVER-APACHE - Revision : 4
2014-03-27 | Apache Struts remote code execution attempt - CookieInterceptor
RuleID : 29936 - Type : SERVER-APACHE - Revision : 2
2014-03-22 | Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 29859 - Type : SERVER-APACHE - Revision : 6
2014-03-15 | Apache Struts2 blacklisted method redirect
RuleID : 29748 - Type : SERVER-APACHE - Revision : 6
2014-03-15 | Apache Struts2 blacklisted method redirect
RuleID : 29747 - Type : SERVER-APACHE - Revision : 6
2014-03-13 | Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 29639 - Type : SERVER-APACHE - Revision : 2
2014-03-06 | Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 29592 - Type : SERVER-APACHE - Revision : 1
2014-01-10 | Apache Struts arbitrary OGNL remote code execution attempt
RuleID : 27575 - Type : SERVER-APACHE - Revision : 2
2014-01-10 | Apache Struts OGNL getRuntime.exec static method access attempt
RuleID : 27574 - Type : SERVER-APACHE - Revision : 2
2014-01-10 | Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 27573 - Type : SERVER-APACHE - Revision : 2
2014-01-10 | Apache Struts wildcard matching OGNL remote code execution attempt
RuleID : 27572 - Type : SERVER-APACHE - Revision : 2
2014-01-10 | Apache Struts2 remote code execution attempt
RuleID : 27245 - Type : SERVER-APACHE - Revision : 6
2014-01-10 | Apache Struts2 blacklisted method redirect
RuleID : 27244 - Type : SERVER-APACHE - Revision : 6
2014-01-10 | Apache Struts2 blacklisted method redirectAction
RuleID : 27243 - Type : SERVER-APACHE - Revision : 5
2014-01-10 | Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 26825 - Type : SERVER-OTHER - Revision : 7
2014-01-10 | Apache Struts allowStaticMethodAccess invocation attempt
RuleID : 26824 - Type : SERVER-OTHER - Revision : 8
2014-01-10 | Apache Struts2 skillName remote code execution attempt
RuleID : 26772 - Type : SERVER-OTHER - Revision : 2
2014-01-10 | Apache Struts remote code execution attempt - POST parameter
RuleID : 23631 - Type : SERVER-APACHE - Revision : 5
2014-01-10 | Apache Struts remote code execution attempt - GET parameter
RuleID : 21656 - Type : SERVER-APACHE - Revision : 5
2014-01-10 | Apache Struts remote code execution attempt - DebuggingInterceptor
RuleID : 21075 - Type : SERVER-APACHE - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2016-06-24 | Name : The remote Windows host contains a web application that uses a Java framework...
File : struts_2_3_29_win_local.nasl - Type : ACT_GATHER_INFO
2016-04-28 | Name : The remote Windows host contains a web application that uses a Java framework...
File : struts_2_3_28_1_win_local.nasl - Type : ACT_GATHER_INFO
2016-03-24 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_28_rce.nasl - Type : ACT_ATTACK
2016-03-24 | Name : The remote Windows host contains a web application that uses a Java framework...
File : struts_2_3_28_win_local.nasl - Type : ACT_GATHER_INFO
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2015-06-26 | Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-05-14 | Name : The website content management system installed on the remote host is affecte...
File : oracle_webcenter_sites_apr_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_2_3_14.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_2_3_17.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by a cross-site requ...
File : mysql_enterprise_monitor_2_3_20.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_3_0_11.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by a cross-site requ...
File : mysql_enterprise_monitor_3_0_19.nasl - Type : ACT_GATHER_INFO
2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_3_0_5.nasl - Type : ACT_GATHER_INFO
2015-01-30 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_1_win_local.nasl - Type : ACT_GATHER_INFO
2014-12-10 | Name : The remote web server hosts a web application that uses a Java framework that...
File : struts_2_3_20_win_local.nasl - Type : ACT_GATHER_INFO
2014-09-05 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201409-04.nasl - Type : ACT_GATHER_INFO
2014-07-07 | Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2014-0007.nasl - Type : ACT_GATHER_INFO
2014-06-07 | Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-140527.nasl - Type : ACT_GATHER_INFO
2014-05-09 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_3.nasl - Type : ACT_GATHER_INFO
2014-04-29 | Name : The remote web server hosts an application that is affected by multiple vulne...
File : archiva_1_3_8.nasl - Type : ACT_GATHER_INFO
2014-04-29 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_2_dos.nasl - Type : ACT_DENIAL
2014-03-26 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_16_1_classloader_manipulation.nasl - Type : ACT_ATTACK
2013-09-27 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_2_3_15_2.nasl - Type : ACT_ATTACK
2013-08-07 | Name : The remote web server contains a web application that uses a Java framework t...
File : struts_exceptiondelegator_command_execution.nasl - Type : ACT_ATTACK
2013-07-29 | Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO