vulnerability

F5 Networks: K23432135 (CVE-2016-3093): Apache Struts 2 vulnerability CVE-2016-3093

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Jun 7, 2016	Feb 16, 2017	Feb 1, 2018

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jun 7, 2016

Added

Feb 16, 2017

Modified

Feb 1, 2018

Description

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K23432135
BID-90961
SECTRACK-1036018
NVD-CVE-2016-3093

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today