Описание
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3087
- https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
- https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017
- https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960
- https://www.exploit-db.com/exploits/39919
- http://struts.apache.org/docs/s2-033.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854
Пакеты
org.apache.struts:struts2-core
>= 2.3.19, < 2.3.20.3
2.3.20.3
org.apache.struts:struts2-core
>= 2.3.21, < 2.3.24.3
2.3.24.3
org.apache.struts:struts2-core
>= 2.3.25, < 2.3.28.1
2.3.28.1
Связанные уязвимости
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...