Lucene search
Immunity CanvasSTRUTS2_DMI_RCEHistoryApr 26, 2016 - 2:59 p.m.
Immunity Canvas: STRUTS2_DMI_RCE
2016-04-2614:59:00
Immunity Canvas
exploitlist.immunityinc.com
579
EPSS
0.975
Percentile
100.0%
| Name | struts2_dmi_rce |
|---|---|
| CVE | CVE-2016-3081 Exploit Pack |
| VENDOR: Apache | |
| NOTES: | |
| The JAR Server will listen on the port provided in the UI. However, if that port is unavailable, | |
| a random one will be chosen. |
Example vulnerable application: struts2-showcase in Struts 2.3.20.1 (with Dynamic Method Invocation enabled)
Example URL: http://172.16.196.137:8080/struts2-showcase/showcase.action
Versions tested:
> Ubuntu Linux 14.04.1
Java 1.8.0.151/Tomcat 7.0.82/Struts 2.3.20.1
Java 1.8.0.151/Tomcat 7.0.82/Struts 2.3.24.1
Java 1.8.0.151/Tomcat 8.0.48/Struts 2.3.20.1
Java 1.8.0.151/Tomcat 8.0.48/Struts 2.3.24.1
Java 1.7.0.151/Tomcat 8.0.48/Struts 2.3.20.1
Java 1.7.0.151/Tomcat 8.0.48/Struts 2.3.24.1
Repeatability: Infinite
References: https://cwiki.apache.org/confluence/display/WW/S2-032
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
Related
saint
saint
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
osv
osv
Apache Struts RCE Vulnerability
2022-05-14 00:54:14
nessus
nessus
Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution
2018-12-17 00:00:00
Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities
2016-04-28 00:00:00
nvd
nvd
CVE-2016-3081
2016-04-26 14:59:02
huawei
huawei
checkpoint_advisories
checkpoint_advisories
Apache Struts Dynamic Method Remote Code Execution (CVE-2016-3081)
2016-05-01 00:00:00
metasploit
metasploit
Apache Struts Dynamic Method Invocation Remote Code Execution
2016-04-30 16:00:29
ubuntucve
ubuntucve
CVE-2016-3081
2016-04-26 00:00:00
cvelist
cvelist
CVE-2016-3081
2016-04-26 14:00:00
packetstorm
packetstorm
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
2016-04-30 00:00:00
nuclei
nuclei
Apache S2-032 Struts - Remote Code Execution
2021-02-16 11:09:10
github
github
Apache Struts RCE Vulnerability
2022-05-14 00:54:14
openvas
openvas
Apache Struts Security Update (S2-032) - Active Check
2016-06-01 00:00:00
Apache Struts Security Update (S2-032, S2-033) - Version Check
2016-05-06 00:00:00
dsquare
dsquare
Apache Struts Dynamic Method Invocation Expression Handling RCE
2018-04-20 00:00:00
exploitdb
exploitdb
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit)
2016-05-02 00:00:00
cve
cve
CVE-2016-3081
2016-04-26 14:59:02
prion
prion
Design/Logic Flaw
2016-04-26 14:59:00
seebug
seebug
Struts2 ζΉζ³θ°η¨θΏη¨δ»£η ζ§θ‘ζΌζ΄(S2-032)
2016-04-26 00:00:00
zdt
zdt
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit)
2016-05-02 00:00:00
f5
f5
myhack58
myhack58
ibm
ibm
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00