Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. (CVE-2016-3093)
Impact
The Object-Graph Navigation Language (OGNL) used by the Apache Struts framework uses an improper implementation of cache to store method references. When the BIG-IP AAM system is provisioned, a remote attacker can attempt to initiate a denial-of-service (DoS) attack.