Remote Code Execution (RCE) | |
Directory Traversal | [2.0.0,2.0.12)[2.1.0,2.1.6) |
Cross-site Scripting (XSS) | |
Remote Code Execution (RCE) | |
Denial of Service (DoS) | [,2.5.32)[6.0.0,6.1.2.2)[6.2.0,6.3.0.1) |
Allocation of Resources Without Limits or Throttling | [2.0.0,2.5.31)[6.0.0,6.1.2.1) |
Allocation of Resources Without Limits or Throttling | [2.0.0,2.5.31)[6.1.2,6.1.2.1) |
Remote Code Execution (RCE) | |
Remote Code Execution (RCE) | |
Unrestricted Upload of File with Dangerous Type | |
Denial of Service (DoS) | |
Remote Code Execution (RCE) | |
Remote Code Execution (RCE) | [2.3.0,2.3.35)[2.5.0,2.5.17) |
Denial of Service (DoS) | |
Denial of Service (DoS) | [2.3.7,2.3.34)[2.5,2.5.13) |
Denial of Service (DoS) | [2.3.7,2.3.34)[2.5,2.5.13) |
Denial of Service (DoS) | [2.3.7,2.3.33)[2.5,2.5.12) |
Denial of Service (DoS) | |
Arbitrary Command Execution | |
Arbitrary Code Execution | |
Arbitrary Code Execution | [2.3.7,2.3.32)[2.5.0,2.5.10.1) |
Arbitrary OGNL Statement Execution | |
Denial of Service (DoS) | |
Directory Traversal | |
Improper Action Name Cleanup | [2.0.0,2.3.29)[2.5,2.5.1) |
Access Restriction Bypass | |
Access Restriction Bypass | |
Regular Expression Denial of Service (ReDoS) | [2.3.20,2.3.29)[2.5,2.5.1) |
Cross-site Request Forgery (CSRF) | |
Arbitrary Command Execution | [2,2.3.20.2)[2.3.24,2.3.24.3)[2.3.28,2.3.28.1) |
Command Injection | [2.0.0,2.3.20.2)[2.3.24,2.3.24.2)[2.3.28,2.3.28.1) |
Arbitrary Code Execution | [2,2.3.20.2)[2.3.24,2.3.24.2)[2.3.28,2.3.28.1) |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Cross-site Scripting (XSS) | |
Manipulation of Struts' internals | |
Cross-site Request Forgery (CSRF) | |
Arbitrary Code Execution | |
Arbitrary File Overwrite | |
Arbitrary Command Execution | |
Arbitrary Code Execution | |
Improper Input Validation | |
Arbitrary Code Execution | |
Classloader manipulation via CookieInterceptor | |
Arbitrary Code Execution | |
ClassLoader Manipulation via ParametersInterceptor | |
Access Restriction Bypass | |
Bypass Access Controls | |
Dynamic Method Executions | |
Remote Command Execution | |
URL Redirection to Untrusted Site | |
Arbitrary Code Injection | |
Arbitrary Code Injection | |
Arbitrary Code Injection | |
Arbitrary Code Injection | |
Cross-site Request Forgery (CSRF) | |
Remote code execution | |
Cross-site Scripting (XSS) | |
Remote Command Execution | |