vulnerability
Apache Struts: S2-029 (CVE-2016-0785): Security updates available for Apache Struts
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Apr 12, 2016 | Jun 27, 2017 | Apr 14, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Apr 12, 2016
Added
Jun 27, 2017
Modified
Apr 14, 2025
Description
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Solution(s)
apache-struts-upgrade-2_3_20_3apache-struts-upgrade-2_3_24_3apache-struts-upgrade-2_3_28

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.