Struts

by Apache

Immediate action recommended

Struts has critical exploitation rates across its known vulnerabilities.

What to do

Check for patches and apply immediately
Review whether this software can be replaced with a safer alternative
Consult your IT provider about mitigation options

What Attackers Target

Vulnerabilities with high exploit probability 44.4%

Confirmed actively exploited (CISA) 14.8%

Public exploit code available 20.4%

Based on 54 known vulnerabilities. Percentages show the proportion that are actively dangerous — a low percentage means most vulnerabilities in this product are not being exploited.

Most Dangerous Vulnerabilities

CVE	CVSS	Exploit Probability	Confirmed
CVE-2018-11776	8.1	94.4%	Yes
CVE-2020-17530	9.8	94.4%	Yes
CVE-2013-2251	9.8	94.3%	Yes
CVE-2017-9805	8.1	94.3%	Yes
CVE-2017-5638	9.8	94.3%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes
CVE-2017-9791	9.8	94.2%	Yes

Get this data via API

curl -H "Authorization: Bearer YOUR_KEY" \
  https://cyber.phasetransitions.ai/api/v1/products/apache/struts

Free tier: 100 requests/day, no credit card.

/ 100

critical-risk

Active Threat 50/50 · Critical

Exploit Availability 29/50 · Moderate

Score uses Wilson score intervals to account for sample size. Products with few CVEs are scored conservatively.