Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEB2D86A7BBA252757A65C0A0A0329A0AD6B47B01B8C03C060D72D11BD2074A52
HistoryAug 30, 2022 - 4:40 p.m.

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2016-3093

2022-08-3016:40:55
www.ibm.com
15
ibm
tririga
application platform
cve-2016-3093
denial of service
apache struts
vulnerability
denial of service fix
download
remediation
fixcentral

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.027

Percentile

90.6%

JSON

Summary

IBM TRIRIGA Application Platform discloses CVE-2016-3093

Vulnerability Details

CVEID:CVE-2016-3093
**DESCRIPTION:**Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker could exploit this vulnerability to block access to a Web site.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/113686 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM TRIRIGA Application Platform All
IBM TRIRIGA Application Suite All

Remediation/Fixes

Product|VRMF|

Remediation/First Fix

—|—|—
IBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on FixCentral
IBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on FixCentral

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtririga_application_platformMatch3.6
OR
ibmtririga_application_platformMatch2.7
OR
ibmtririga_application_platformMatch3.8
OR
ibmtririga_application_platformMatch4.0
OR
ibmtririga_application_platformMatch4.1
VendorProductVersionCPE
ibmtririga_application_platform3.6cpe:2.3:a:ibm:tririga_application_platform:3.6:*:*:*:*:*:*:*
ibmtririga_application_platform2.7cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
ibmtririga_application_platform3.8cpe:2.3:a:ibm:tririga_application_platform:3.8:*:*:*:*:*:*:*
ibmtririga_application_platform4.0cpe:2.3:a:ibm:tririga_application_platform:4.0:*:*:*:*:*:*:*
ibmtririga_application_platform4.1cpe:2.3:a:ibm:tririga_application_platform:4.1:*:*:*:*:*:*:*

Related

redhatcve 1
f5 2
nvd 1
cve 1
nessus 2
cvelist 1
osv 1
ubuntucve 1
prion 1
github 1
ibm 5
openvas 1
wallarmlab 1
redhatcve
redhatcve
CVE-2016-3093
2016-06-01 13:48:53
f5
f5
K23432135 : Apache Struts 2 vulnerability CVE-2016-3093
2016-06-27 00:00:00
SOL23432135 - Apache Struts 2 vulnerability CVE-2016-3093
2016-06-27 00:00:00
nvd
nvd
CVE-2016-3093
2016-06-07 18:59:03
cve
cve
CVE-2016-3093
2016-06-07 18:59:03
nessus
nessus
F5 Networks BIG-IP : Apache Struts 2 vulnerability (K23432135)
2016-06-28 00:00:00
Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)
2016-03-24 00:00:00
cvelist
cvelist
CVE-2016-3093
2016-06-07 18:00:00
osv
osv
Denial of service in Apache Struts
2022-05-17 03:42:18
ubuntucve
ubuntucve
CVE-2016-3093
2016-06-07 00:00:00
prion
prion
Design/Logic Flaw
2016-06-07 18:59:00
github
github
Denial of service in Apache Struts
2022-05-17 03:42:18
ibm
ibm
Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436)
2018-06-16 20:08:21
Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server
2018-06-16 13:42:18
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
openvas
openvas
Apache Struts Security Update (S2-028, S2-030, S2-034)
2016-06-06 00:00:00
wallarmlab
wallarmlab
New Struts2 Remote Code Execution exploit caught in the wild
2017-03-09 00:15:54

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.027

Percentile

90.6%

JSON
Related for EB2D86A7BBA252757A65C0A0A0329A0AD6B47B01B8C03C060D72D11BD2074A52
redhatcve1f52nvd1cve1nessus2cvelist1osv1ubuntucve1prion1github1ibm5openvas1wallarmlab1