Apache Struts Vulnérabilités

Chronologie

L'année dernière

Version

2.3.3	20
2.3.4	20
2.5.1	19
2.5.2	19
2.5.3	19

Contre-mesures

Official Fix	77
Temporary Fix	0
Workaround	3
Unavailable	2
Not Defined	11

Exploitabilité

High	28
Functional	0
Proof-of-Concept	16
Unproven	4
Not Defined	45

Vecteur d'accès

Not Defined	0
Physical	0
Local	3
Adjacent	0
Network	90

Authentification

Not Defined	0
High	0
Low	14
None	79

Interaction de l'utilisateur

Not Defined	0
Required	24
None	69

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	2
≤5	11
≤6	10
≤7	25
≤8	17
≤9	16
≤10	12

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	7
≤5	8
≤6	17
≤7	25
≤8	11
≤9	15
≤10	10

VulDB

≤1	0
≤2	0
≤3	0
≤4	4
≤5	13
≤6	15
≤7	19
≤8	17
≤9	13
≤10	12

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	4
≤7	6
≤8	9
≤9	11
≤10	11

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	2
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Fournisseur

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploiter 0 jour

<1k	0
<2k	0
<5k	3
<10k	28
<25k	50
<50k	12
<100k	0
≥100k	0

Exploiter aujourd'hui

<1k	82
<2k	2
<5k	3
<10k	4
<25k	2
<50k	0
<100k	0
≥100k	0

Affected Versions (156): 1.0, 1.0.2, 1.1, 1.2, 1.2.2, 1.2.4, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.4, 1.5, 1.6, 1.7, 2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.11, 2.0.11.1, 2.0.11.2, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.31, 2.0.32, 2.0.33, 2.1, 2.1.1, 2.1.2, 2.1.2 Beta, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.8, 2.1.8.1, 2.2, 2.2.1, 2.2.1.1, 2.2.2, 2.2.3, 2.2.3.1, 2.3, 2.3.1, 2.3.1.1, 2.3.1.2, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.14.1, 2.3.14.2, 2.3.15, 2.3.15.1, 2.3.15.3, 2.3.16, 2.3.16.1, 2.3.16.2, 2.3.16.3, 2.3.17, 2.3.18, 2.3.19, 2.3.21, 2.3.22, 2.3.23, 2.3.24, 2.3.24.1, 2.3.25, 2.3.26, 2.3.27, 2.3.28, 2.3.28.1, 2.3.29, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.4, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.5.16, 2.5.17, 2.5.18, 2.5.19, 2.5.21, 2.5.22, 2.5.23, 2.5.24, 2.5.25, 2.5.26, 2.5.27, 2.5.28, 2.5.29, 2.5.31, 2.5.32, 6.0, 6.1, 6.1.1, 6.1.2, 6.1.2.1, 6.2, 6.3, 6.3.0.1

Link to Product Website: https://www.apache.org/

Type de logiciel: Programming Tool Software

Publié	Base	Temp	Vulnérabilité	0day	Aujourd'hui	Exp	Con	CTI	CVE
07/12/2023	8.0	7.9	Apache Struts File Upload elévation de privilèges	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2023-50164
15/09/2023	5.3	5.1	Apache Struts File Upload dénie de service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-41835
14/06/2023	4.3	4.2	Apache Struts dénie de service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-34396
14/06/2023	4.3	4.2	Apache Struts dénie de service	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2023-34149
10/12/2022	5.2	5.1	Apache Struts cross site scripting	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2015-2992
13/04/2022	6.3	6.0	Apache Struts Incomplete Fix CVE-2020-17530 elévation de privilèges	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-31805
11/12/2020	6.3	6.3	Apache Struts OGNL Evaluation Privilege Escalation	$5k-$25k	$5k-$25k	High	Official Fix	0.00	CVE-2020-17530
14/09/2020	6.4	6.4	Apache Struts File Upload elévation de privilèges	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	CVE-2019-0233
14/09/2020	8.5	8.5	Apache Struts Double OGNL Evaluation Remote Code Execution	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	CVE-2019-0230
05/12/2019	7.0	7.0	Apache Struts XSLT File elévation de privilèges	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	CVE-2012-1592

Apache Struts Vulnérabilités

Chronologie

L'année dernière

Version

Contre-mesures

Exploitabilité

Vecteur d'accès

Authentification

Interaction de l'utilisateur

C3BM Index

L'année dernière

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Fournisseur

Research

Exploiter 0 jour

Exploiter aujourd'hui

Exploiter le volume du marché

L'année dernière

🔴 CTI Activités

🔒 Login Required

Do you know our Splunk app?