CVE-2016-3082

Опубликовано: 26 апр. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

Ссылки

http://struts.apache.org/docs/s2-031.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/88826
http://www.securitytracker.com/id/1035664
http://struts.apache.org/docs/s2-031.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/88826
http://www.securitytracker.com/id/1035664

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.34801

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2016-3082

CVSS3: 9.8

ubuntu

почти 10 лет назад

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

CVE-2016-3082

redhat

почти 10 лет назад

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

CVE-2016-3082

CVSS3: 9.8

debian

почти 10 лет назад

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.2 ...

GHSA-pvm9-288c-v5wq

CVSS3: 9.8

github

больше 3 лет назад

Remote Code Execution in Apache Struts

BDU:2016-01137

CVSS3: 9.8

fstec

почти 10 лет назад

Уязвимость реализации класса XSLTResult программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%

0.34801

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20