Vulnerability & Exploit Database

Back to search

Apache Struts: CVE-2016-3087: Remote code execution vulnerability

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) June 06, 2016 June 26, 2017 October 29, 2017

Available Exploits 

Description

Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

struts-cve-2016-3087-1