CVE-2016-3087

EUVD-2022-4592
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
apachestruts
2.3.20
apachestruts
2.3.20.1
apachestruts
2.3.24
apachestruts
2.3.24.1
apachestruts
2.3.28
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstruts1.2-java
precise
not-affected
trusty
dne
wily
dne
xenial
dne
Common Weakness Enumeration
References
http://struts.apache.org/docs/s2-033.html
http://www-01.ibm.com/support/docview.wss?uid=swg21987854
http://www.securityfocus.com/bid/90960
http://www.securitytracker.com/id/1036017
https://www.exploit-db.com/exploits/39919/
http://struts.apache.org/docs/s2-033.html
http://www-01.ibm.com/support/docview.wss?uid=swg21987854
http://www.securityfocus.com/bid/90960
http://www.securitytracker.com/id/1036017
https://www.exploit-db.com/exploits/39919/