Vulnerability Monitor

The vendors, products, and vulnerabilities you care about
struts Vendor: apache

About This Product

struts is a software product developed by apache, a major technology provider with a global presence in enterprise and consumer markets. This product is widely deployed in production environments, making vulnerability monitoring essential for organizations relying on it. Security vulnerabilities in products of this category can affect system availability, data confidentiality, and integrity across entire networks. The significant number of reported vulnerabilities indicates this product has received substantial security scrutiny and community focus over time. Regular assessment of known vulnerabilities and timely patching are fundamental components of responsible system administration for any deployment of this software.

Vulnerability Landscape Summary

SecUtils has identified 91 known vulnerabilities affecting apache struts. This includes 16 critical-severity issues and 36 high-severity issues that warrant immediate attention. Vulnerabilities in this product have been disclosed spanning from 2005 to 2026, indicating a sustained research interest and ongoing security attention. 38 medium-severity issues and 1 low-severity issue complete the vulnerability landscape. Organizations should prioritize patching based on deployment context, asset criticality, and exploitation likelihood rather than severity alone.

Known Vulnerabilities
ID Date Published Last Modified Severity (CVSSv3) Severity (CVSSv2) Exploit Available
CVE-2005-3745 2005-11-22 2025-04-03 - 4.3 Likely
CVE-2006-1546 2006-03-30 2025-04-03 - 7.5 Likely
CVE-2006-1547 2006-03-30 2025-10-22 7.5 7.8 Likely
CVE-2006-1548 2006-03-30 2025-04-03 - 4.3 Likely
CVE-2008-6504 2009-03-23 2025-04-09 - 5.0 Likely
CVE-2008-6505 2009-03-23 2025-04-09 - 5.0 Likely
CVE-2007-6726 2009-04-09 2025-04-09 - 4.3 Likely
CVE-2008-2025 2009-04-09 2025-04-09 - 4.3 Likely
CVE-2008-6682 2009-04-09 2025-04-09 - 4.3 Likely
CVE-2009-1275 2009-04-09 2025-04-09 - 6.8 Likely
CVE-2010-1870 2010-08-17 2025-04-11 - 5.0 Likely
CVE-2011-1772 2011-05-13 2025-04-11 - 2.6 Unknown
CVE-2011-2087 2011-05-13 2025-04-11 - 4.3 Likely
CVE-2011-2088 2011-05-13 2025-04-11 - 5.0 Likely
CVE-2012-0391 2012-01-08 2025-10-22 9.8 9.3 Likely
CVE-2012-0392 2012-01-08 2025-04-11 - 6.8 Likely
CVE-2012-0393 2012-01-08 2025-04-11 - 6.4 Likely
CVE-2012-0394 2012-01-08 2025-04-11 - 6.8 Likely
CVE-2011-5057 2012-01-08 2025-04-11 - 5.0 Likely
CVE-2012-1006 2012-02-07 2025-04-11 - 4.3 Likely
CVE-2012-1007 2012-02-07 2025-04-11 - 4.3 Likely
CVE-2012-0838 2012-03-02 2025-04-11 - 10.0 Likely
CVE-2012-4386 2012-09-05 2025-04-11 - 6.8 Likely
CVE-2012-4387 2012-09-05 2025-04-11 - 5.0 Likely
CVE-2013-1965 2013-07-10 2025-04-11 - 9.3 Likely
CVE-2013-1966 2013-07-10 2025-04-11 - 9.3 Likely
CVE-2013-2115 2013-07-10 2025-04-11 8.1 9.3 Likely
CVE-2013-2134 2013-07-16 2025-04-11 - 9.3 Likely
CVE-2013-2135 2013-07-16 2025-04-11 - 9.3 Likely
CVE-2013-2248 2013-07-20 2025-04-11 - 5.8 Likely
CVE-2013-2251 2013-07-20 2025-10-22 9.8 9.3 Likely
CVE-2013-4310 2013-09-30 2025-04-11 - 5.8 Likely
CVE-2013-4316 2013-09-30 2025-04-11 - 10.0 Likely
CVE-2013-6348 2013-11-02 2025-04-11 - 4.3 Likely
CVE-2014-0094 2014-03-11 2025-04-12 - 5.0 Likely
CVE-2014-0112 2014-04-29 2025-04-12 - 7.5 Likely
CVE-2014-0113 2014-04-29 2025-04-12 - 7.5 Likely
CVE-2014-0114 2014-04-30 2025-04-12 - 7.5 Likely
CVE-2014-0116 2014-05-08 2025-04-12 - 5.8 Likely
CVE-2014-7809 2014-12-10 2025-04-12 - 6.8 Likely
CVE-2015-1831 2015-07-16 2025-04-12 - 7.5 Likely
CVE-2016-0785 2016-04-12 2025-04-12 8.8 9.0 Likely
CVE-2016-2162 2016-04-12 2025-04-12 6.1 4.3 Likely
CVE-2016-4003 2016-04-12 2025-04-12 6.1 4.3 Likely
CVE-2016-3081 2016-04-26 2025-04-12 8.1 9.3 Likely
CVE-2016-3082 2016-04-26 2025-04-12 9.8 10.0 Likely
CVE-2016-3087 2016-06-07 2025-04-12 9.8 7.5 Likely
CVE-2016-3093 2016-06-07 2025-04-12 5.3 5.0 Likely
CVE-2015-0899 2016-07-04 2025-04-12 7.5 5.0 Likely
CVE-2016-1181 2016-07-04 2025-04-12 8.1 6.8 Likely
CVE-2016-1182 2016-07-04 2025-04-12 8.2 6.4 Likely
CVE-2016-4430 2016-07-04 2025-04-12 8.8 6.8 Likely
CVE-2016-4431 2016-07-04 2025-04-12 7.5 5.0 Likely
CVE-2016-4433 2016-07-04 2025-04-12 7.5 5.0 Likely
CVE-2016-4438 2016-07-04 2025-04-12 9.8 7.5 Likely
CVE-2016-4465 2016-07-04 2025-04-12 5.3 5.0 Likely
CVE-2016-4436 2016-10-03 2025-04-12 9.8 7.5 Likely
CVE-2017-5638 2017-03-11 2025-10-22 9.8 10.0 Likely
CVE-2017-9791 2017-07-10 2025-10-22 9.8 7.5 Likely
CVE-2017-7672 2017-07-13 2025-04-20 5.9 4.3 Likely
CVE-2017-9787 2017-07-13 2025-04-20 7.5 5.0 Likely
CVE-2015-5209 2017-08-29 2025-04-20 7.5 5.0 Likely
CVE-2017-9805 2017-09-15 2025-10-22 8.1 6.8 Likely
CVE-2016-6795 2017-09-20 2025-04-20 9.8 7.5 Likely
CVE-2016-8738 2017-09-20 2025-04-20 5.9 4.3 Likely
CVE-2017-12611 2017-09-20 2025-04-20 9.8 7.5 Likely
CVE-2017-9793 2017-09-20 2025-04-20 7.5 5.0 Likely
CVE-2017-9804 2017-09-20 2025-04-20 7.5 5.0 Likely
CVE-2015-5169 2017-09-25 2025-04-20 6.1 4.3 Likely
CVE-2016-4461 2017-10-16 2025-04-20 8.8 9.0 Likely
CVE-2016-3090 2017-10-30 2025-04-20 8.8 6.5 Likely
CVE-2017-15707 2017-12-01 2025-04-20 6.2 5.0 Likely
CVE-2018-1327 2018-03-27 2024-11-21 7.5 5.0 Likely
CVE-2018-11776 2018-08-22 2025-10-27 8.1 9.3 Likely
CVE-2011-3923 2019-11-01 2024-11-21 9.8 7.5 Likely
CVE-2012-1592 2019-12-05 2024-11-21 8.8 6.5 Likely
CVE-2015-2992 2020-02-27 2024-11-21 6.1 4.3 Likely
CVE-2019-0230 2020-09-14 2024-11-21 9.8 7.5 Likely
CVE-2019-0233 2020-09-14 2024-11-21 7.5 5.0 Likely
CVE-2020-17530 2020-12-11 2025-10-27 9.8 7.5 Likely
CVE-2020-26258 2020-12-16 2025-05-23 6.3 5.0 Likely
CVE-2020-26259 2020-12-16 2025-05-23 6.8 6.4 Likely
CVE-2021-31805 2022-04-12 2024-11-21 9.8 7.5 Likely
CVE-2023-34149 2023-06-14 2025-02-13 4.3 - -
CVE-2023-34396 2023-06-14 2025-02-13 4.3 - -
CVE-2023-41835 2023-12-05 2025-11-04 7.5 - -
CVE-2023-50164 2023-12-07 2025-02-13 9.8 - -
CVE-2024-53677 2024-12-11 2025-07-15 9.8 - -
CVE-2025-64775 2025-12-01 2026-01-26 7.5 - -
CVE-2025-66675 2025-12-10 2025-12-16 8.2 - -
CVE-2025-68493 2026-01-11 2026-03-11 8.1 - -

How SecUtils Interprets Product Data

SecUtils normalizes and enriches National Vulnerability Database (NVD) records for apache struts by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and structuring the data for rapid analysis and asset correlation. For every vulnerability listed, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference information to enable organizations to prioritize patching and risk assessment efficiently. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for vulnerability management and security operations.