
Apache S2-032 Struts - Remote Code Execution CVE-2016-3081

Severity
CVSSv3 Score: 8.1
Vulnerability description

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to Apache Struts version 2.3.20.2, 2.3.24.2, or 2.3.28.1.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Apr 26, 2016
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available