Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Archiva
APPApache1.21.2.21.3 – 1.3.8 (bez)Apache Struts
APPApache2.0.0 – 2.3.15Fujitsu Interstage Business Process Manager Analytics
APPFujitsu12.012.1Microsoft Windows Server 2003
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2012
OSMicrosoftwszystkie wersjeOracle Siebel Apps E Billing
APPOracle6.16.1.16.2Oracle Solaris
OSOracle11Red Hat Enterprise Linux
OSRedhat5.0 – 6.10
CISA KEV — detailsi
- Vendori
- Apache ↗
- Producti
- Struts
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...