Lucene search
GoogleOSV:GHSA-MMJ6-CJJ4-HPR5HistoryMay 14, 2022 - 12:54 a.m.
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
2022-05-1400:54:14
Google
osv.dev
9
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
References
struts.apache.org/docs/s2-033.html
www-01.ibm.com/support/docview.wss?uid=swg21987854
github.com/apache/struts
github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
nvd.nist.gov/vuln/detail/CVE-2016-3087
web.archive.org/web/20160616082237/www.securitytracker.com/id/1036017
web.archive.org/web/20160728170709/www.securityfocus.com/bid/90960
www.exploit-db.com/exploits/39919
Related
nvd
nvd
CVE-2016-3087
2016-06-07 18:59:02
f5
f5
K37024017 : Apache Struts 2 vulnerability CVE-2016-3087
2016-06-17 00:00:00
SOL37024017 - Apache Struts 2 vulnerability CVE-2016-3087
2016-06-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)
2016-06-23 00:00:00
packetstorm
packetstorm
ubuntucve
ubuntucve
CVE-2016-3087
2016-06-07 00:00:00
cvelist
cvelist
CVE-2016-3087
2016-06-07 18:00:00
zdt
zdt
redhatcve
redhatcve
CVE-2016-3087
2016-06-01 13:18:43
prion
prion
Code injection
2016-06-07 18:59:00
cve
cve
CVE-2016-3087
2016-06-07 18:59:02
github
github
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
2022-05-14 00:54:14
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
openvas
openvas
Apache Struts Security Update (S2-032, S2-033) - Version Check
2016-05-06 00:00:00
nessus
nessus
Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities
2016-04-28 00:00:00
impervablog
impervablog
Python and Go Top the Chart of 2019’s Most Popular Hacking Tools
2020-05-27 09:22:21
ibm
ibm