Vulnerability & Exploit Database

Back to search

Apache Struts: S2-032 (CVE-2016-3081): Security updates available for Apache Struts

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) April 26, 2016 June 27, 2017 January 19, 2018

Available Exploits 

Description

Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

apache-struts-upgrade-2_3_20_3

Related Vulnerabilities