VDB

JVNDB-2020-000084

JVNDB-2020-000084 PUBLISHED CVSS 9.300000190734863 CRITICAL

Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation (CWE-20). Masato Anzai of Aeye Security Lab, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Apache Software FoundationApache StrutsStruts 2.0.0 - Struts 2.5.25

Timeline

  • Feb 4, 2019 CVE Published
  • Dec 23, 2020 PoC Published
  • Nov 8, 2021 PoC Published
  • Nov 20, 2021 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Feb 2, 2026 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›