K15168792 : Apache Struts 2 vulnerability CVE-2016-4438

2016-06-2400:00:00

my.f5.com

9.5 High

AI Score

Confidence

High

0.067 Low

EPSS

Percentile

93.9%

JSON

Security Advisory Description

The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. (CVE-2016-4438)
Impact
There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0