History: Apr 26, 2016 - 2:59 p.m.

Immunity Canvas: STRUTS2_DMI_RCE

2016-04-26 14:59:00
Immunity Canvas
exploitlist.immunityinc.com

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.975 High
Percentile: 100.0%

Name: struts2_dmi_rce
CVE: CVE-2016-3081 Exploit Pack
VENDOR: Apache
NOTES:
The JAR Server will listen on the port provided in the UI. However, if that port is unavailable,
a random one will be chosen.

Example vulnerable application: struts2-showcase in Struts 2.3.20.1 (with Dynamic Method Invocation enabled)
Example URL: http://172.16.196.137:8080/struts2-showcase/showcase.action

Versions tested:

Ubuntu Linux 14.04.1:
  Java 1.8.0.151/Tomcat 7.0.82/Struts 2.3.20.1
  Java 1.8.0.151/Tomcat 7.0.82/Struts 2.3.24.1
  Java 1.8.0.151/Tomcat 8.0.48/Struts 2.3.20.1
  Java 1.8.0.151/Tomcat 8.0.48/Struts 2.3.24.1
  Java 1.7.0.151/Tomcat 8.0.48/Struts 2.3.20.1
  Java 1.7.0.151/Tomcat 8.0.48/Struts 2.3.24.1

Repeatability: Infinite
References: https://cwiki.apache.org/confluence/display/WW/S2-032
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
