CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Apache: >> Struts >> 2.3.24.3 Security Vulnerabilities

CVE-2016-4430

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVSS Score

8.8

EPSS Score

0.028

Published

2016-07-04

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

CVSS Score

6.8

EPSS Score

0.013

Published

2009-04-09

Page 4

Vulnerabilities

Vulnerable Software

Apache: >> Struts >> 2.3.24.3 Security Vulnerabilities

Products

Pricing

Contact Us