Vulnerability & Exploit Database

Back to search

Apache Struts: CVE-2016-3081: Remote Code Execution

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) April 25, 2016 June 26, 2017 October 29, 2017

Available Exploits 

Description

Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

struts-cve-2016-3081-1

Related Vulnerabilities