Vulnerability & Exploit Database

Back to search

Apache Struts: S2-033 (CVE-2016-3087): Security updates available for Apache Struts

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) June 07, 2016 June 27, 2017 January 19, 2018

Available Exploits 

Description

Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

apache-struts-upgrade-2_3_20_3