CVE-2016-3087
Description
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
87.027
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-3082,CVE-2016-3093,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-struts2-core 2.3.24.3 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-struts2-core 2.3.20.3 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087 are fixed in Apache-struts2-core 2.3.28.1 | Windows |
| Vulnerabilities CVE-2016-3082,CVE-2016-3093,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-structs2-core for Linux 2.3.24.3 | Linux |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087,CVE-2016-0785 are fixed in Apache-structs2-core for Linux 2.3.20.3 | Linux |
| Vulnerabilities CVE-2016-3082,CVE-2016-3081,CVE-2016-3087 are fixed in Apache-structs2-core for Linux 2.3.28.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234