CVE-2016-3087 Vulnerability in maven package org.apache.struts:struts2-core

Description

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Remediation

References

http://struts.apache.org/docs/s2-033.html

http://www.securityfocus.com/bid/90960

http://www.securitytracker.com/id/1036017

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

https://www.exploit-db.com/exploits/39919/

Related Vulnerabilities

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2023-22946 Vulnerability in maven package org.apache.spark:spark-core_2.12

CVE-2022-41936 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server

CVE-2023-4301 Vulnerability in maven package org.jenkins-ci.plugins:fortify

CVE-2019-16543 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

Severity

Critical

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H