Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C0B4D5468890CF90769399ACED5F1513
HistoryMay 06, 2016 - 12:00 a.m.

Apache Struts Dynamic Method Invocation command execution

2016-05-0600:00:00
SAINT Corporation
www.saintcorporation.com
31

0.975 High

EPSS

Percentile

100.0%

JSON

Added: 05/06/2016
CVE: CVE-2016-3081

Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.

The Dynamic Method Invocation feature allows the HTTP request to specify the name of the method to invoke.

Problem

A vulnerability in the Dynamic Method Invocation feature allows a remote attacker to execute arbitrary code by sending a specially crafted request containing a **method:** prefix.

Resolution

Upgrade to Apache Struts 2.3.20.3, 2.3.24.3, or 2.3.28.1 or higher, or disable Dynamic Method Invocation in the web application.

References

<https://struts.apache.org/docs/s2-032.html&gt;

Limitations

Exploit works on vulnerable versions of Apache Struts between 2.3.20 and 2.3.28 on Linux operating systems, and requires Dynamic Method Invocation to be enabled.

Platforms

Linux

Related

nessus 2
nvd 1
saint 3
osv 1
huawei 1
checkpoint_advisories 1
cvelist 1
ubuntucve 1
zdt 1
seebug 1
prion 1
dsquare 1
canvas 1
openvas 2
cve 1
github 1
nuclei 1
packetstorm 1
f5 2
myhack58 1
ibm 3
kitploit 1
oracle 2
nessus
nessus
Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution
2018-12-17 00:00:00
Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities
2016-04-28 00:00:00
nvd
nvd
CVE-2016-3081
2016-04-26 14:59:02
saint
saint
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
osv
osv
Apache Struts RCE Vulnerability
2022-05-14 00:54:14
huawei
huawei
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
2016-05-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Dynamic Method Remote Code Execution (CVE-2016-3081)
2016-05-01 00:00:00
cvelist
cvelist
CVE-2016-3081
2016-04-26 14:00:00
ubuntucve
ubuntucve
CVE-2016-3081
2016-04-26 00:00:00
zdt
zdt
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit)
2016-05-02 00:00:00
seebug
seebug
Struts2 ζ–Ήζ³•θ°ƒη”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(S2-032)
2016-04-26 00:00:00
prion
prion
Design/Logic Flaw
2016-04-26 14:59:00
dsquare
dsquare
Apache Struts Dynamic Method Invocation Expression Handling RCE
2018-04-20 00:00:00
canvas
canvas
Immunity Canvas: STRUTS2_DMI_RCE
2016-04-26 14:59:00
openvas
openvas
Apache Struts Security Update (S2-032) - Active Check
2016-06-01 00:00:00
Apache Struts Security Update (S2-032, S2-033) - Version Check
2016-05-06 00:00:00
cve
cve
CVE-2016-3081
2016-04-26 14:59:02
github
github
Apache Struts RCE Vulnerability
2022-05-14 00:54:14
nuclei
nuclei
Apache S2-032 Struts - Remote Code Execution
2021-02-16 11:09:10
packetstorm
packetstorm
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
2016-04-30 00:00:00
f5
f5
K17588029 : Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
myhack58
myhack58
S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net
2018-08-23 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server
2018-06-16 13:42:18
Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)
2022-09-14 17:45:15
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
2022-09-14 17:37:56
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00

0.975 High

EPSS

Percentile

100.0%

JSON
Related for SAINT:C0B4D5468890CF90769399ACED5F1513
nessus2nvd1saint3osv1huawei1checkpoint_advisories1cvelist1ubuntucve1zdt1seebug1prion1dsquare1canvas1openvas2cve1github1nuclei1packetstorm1f52myhack581ibm3kitploit1oracle2