Описание
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise/esm | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| zesty | DNE |
Показывать по
9 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arb ...
Уязвимость программной платформы Apache Struts, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код
9 Critical
CVSS2
8.8 High
CVSS3