vulnerability

Apache Struts: S2-029 (CVE-2016-0785): Security updates available for Apache Struts

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Apr 12, 2016
Added
Jun 27, 2017
Modified
Apr 14, 2025

Description

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

Solution(s)

apache-struts-upgrade-2_3_20_3apache-struts-upgrade-2_3_24_3apache-struts-upgrade-2_3_28
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.