This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:apache:struts:2.0.2 |
| Detail | | | |
|---|---|---|---|
| Vendor | Apache | First view | 2010-08-17 |
| Product | Struts | Last view | 2012-09-05 |
| Version | 2.0.2 | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
| CPE Product | cpe:/a:apache:struts | | |
Related : CVE
| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 5 | 2012-09-05 | CVE-2012-4387 | Network | Low | None Requ... |
| 6.8 | 2012-09-05 | CVE-2012-4386 | Network | Medium | None Requ... |
| 6.8 | 2012-01-08 | CVE-2012-0394 | Network | Medium | None Requ... |
| 6.4 | 2012-01-08 | CVE-2012-0393 | Network | Low | None Requ... |
| 9.3 | 2012-01-08 | CVE-2012-0392 | Network | Medium | None Requ... |
| 9.3 | 2012-01-08 | CVE-2012-0391 | Network | Medium | None Requ... |
| 5 | 2012-01-08 | CVE-2011-5057 | Network | Low | None Requ... |
| 4.3 | 2011-05-13 | CVE-2011-2087 | Network | Medium | None Requ... |
| 2.6 | 2011-05-13 | CVE-2011-1772 | Network | High | None Requ... |
| 5 | 2010-08-17 | CVE-2010-1870 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 44% (4) | CWE-264 | Permissions, Privileges, and Access Controls |
| 22% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 11% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 11% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 11% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78277 | Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Exec... |
| 78276 | Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remot... |
| 78109 | Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite |
| 78108 | Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution |
| 77599 | Struts2 SessionAware / RequestAware Request Parsing Session Map Manipulation |
| 73600 | Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Pa... |
| 72238 | Apache Struts Action / Method Names |
| 66280 | Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution |
ExploitDB Exploits
| id | Description |
|---|---|
| 14360 | Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability |
Metasploit Exploits
| Date | Description |
|---|---|
| 2012-01-06 | Apache Struts <= 2.2.1.1 Remote Command Execution |
| 2010-07-13 | Apache Struts < 2.2.0 Remote Command Execution |









