Vulnerability Description
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Struts | 2.3.20 |
Related Weaknesses (CWE)
References
- http://struts.apache.org/docs/s2-033.htmlVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854
- http://www.securityfocus.com/bid/90960
- http://www.securitytracker.com/id/1036017
- https://www.exploit-db.com/exploits/39919/
- http://struts.apache.org/docs/s2-033.htmlVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854
- http://www.securityfocus.com/bid/90960
- http://www.securitytracker.com/id/1036017
- https://www.exploit-db.com/exploits/39919/
FAQ
What is CVE-2016-3087?
CVE-2016-3087 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exc...
How severe is CVE-2016-3087?
CVE-2016-3087 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-3087?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Struts.