Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Struts Number Of NVD 84 CRITICAL 15 HIGH 34 MEDIUM 34 LOW 1
URL https://struts.apache.org
Explanation It is an MVC framework for web applications for Java developed by the Apache Software Foundation.
It is open source and can be used free of charge.

It has been found several times to have highly urgent vulnerabilities such as the ability to execute commands remotely, and incidents such as information leaks have occurred by exploiting these vulnerabilities.

The development of Struts1 started in early 2000, and quite a number of companies have been using it.

Struts1 is no longer supported.
Tag
  • Apache License v2.0
  • Java
Add Information URL
No Type Name URL
1 https://struts.apache.org/struts1eol-announcement.html
2 https://struts.apache.org/download.cgi
3 https://struts.apache.org/releases.html
4 https://github.com/apache/struts1
5 https://github.com/apache/struts
6 https://cwiki.apache.org/confluence/display/WW/Security+Bulletins
7 https://struts.apache.org/struts23-eol-announcement
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
81 Struts 6 6.7.0 Nov. 17, 2024 June 6, 2022 1 1 1 0
82 Struts 2.5 2.5.33 April 4, 2022 May 5, 2016 Oct. 30, 2023 April 30, 2024 7 9 5 0
83 Struts 2.3 2.3.37 Dec. 30, 2018 Dec. 9, 2011 Nov. 14, 2018 April 14, 2019 14 26 19 0
84 Struts 2.2 2.2.3.1 Sept. 7, 2011 June 29, 2010 Dec. 18, 2011 10 21 20 1
85 Struts 2.1 2.1.8.1 Nov. 11, 2009 Oct. 29, 2007 Dec. 18, 2011 9 21 21 1
86 Struts 2.0 2.0.15 Nov. 17, 2008 Sept. 25, 2006 Dec. 18, 2011 9 20 23 1
87 Struts 1 1.3.10 Dec. 7, 2014 May 1, 2000 April 5, 2013 0 7 5 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
81 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote att… NVD-CWE-Other
CVE-2006-1548 cpe:2.3:a:apache:struts:*:* 1.2.8 2017-07-20 10:30
2006-03-31 		Show GitHub Exploit DB Packet Storm
82 -
7.5 		HIGH Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the act… NVD-CWE-Other
CVE-2006-1546 cpe:2.3:a:apache:struts:*:* 1.2.8 2023-02-13 11:16
2006-03-31 		Show GitHub Exploit DB Packet Storm
83 7.5
7.8 		HIGH
Network 		ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name… NVD-CWE-noinfo
CVE-2006-1547 cpe:2.3:a:apache:struts:*:* 1.2.9 2024-07-25 01:47
2006-03-31 		Show GitHub Exploit DB Packet Storm
84 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly… NVD-CWE-Other
CVE-2005-3745 cpe:2.3:a:apache:struts:1.2.7:* 2023-11-7 10:57
2005-11-22 		Show GitHub Exploit DB Packet Storm