CVE-2016-3082
Description
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
34.801
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-3082,CVE-2016-3093,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-struts2-core 2.3.24.3 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-struts2-core 2.3.20.3 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087 are fixed in Apache-struts2-core 2.3.28.1 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3093,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-structs2-core for Linux 2.3.24.3 | Linux |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-structs2-core for Linux 2.3.20.3 | Linux |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087 are fixed in Apache-structs2-core for Linux 2.3.28.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234