CPE-0F8BC3FC-BFB4-40DA-B7D0-96BFC20A519C Detail

CPE Details

Apache Software Foundation Struts 1.3.5

Vendor

apache

Product

struts

Version

1.3.5

Created

2010-08-23
20h37 +00:00

Modified

2010-08-23
20h37 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:apache:struts:1.3.5:::::::*

Informations

Vendor

apache

Product

struts

Version

1.3.5

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-34396	2023-06-14 07h50 +00:00	Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater	7.5	High
CVE-2023-34149	2023-06-14 07h48 +00:00	Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.	6.5	Medium
CVE-2015-0899	2016-07-04 20h00 +00:00	The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.	7.5	High
CVE-2016-1181	2016-07-04 20h00 +00:00	ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.	8.1	High
CVE-2016-1182	2016-07-04 20h00 +00:00	ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.	8.2	High
CVE-2014-0114	2014-04-30 08h00 +00:00	Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.	7.5
CVE-2009-1275	2009-04-09 13h00 +00:00	Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.	6.8

Apache Software Foundation Struts 1.3.5

CPE Details

CPE Name: cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:apache:struts:1.3.5:::::::*