9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.067 Low
EPSS
Percentile
93.7%
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
CPE | Name | Operator | Version |
---|---|---|---|
org.apache.struts:struts2-rest-plugin | lt | 2.3.29 | |
org.apache.struts:struts2-core | lt | 2.3.29 |
jvn.jp/en/jp/JVN07710476/index.html
jvndb.jvn.jp/jvndb/JVNDB-2016-000110
bugzilla.redhat.com/show_bug.cgi?id=1348238
github.com/advisories/GHSA-4prj-vw9j-v6pr
github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c
github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d
github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c
github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b
nvd.nist.gov/vuln/detail/CVE-2016-4438
struts.apache.org/docs/s2-037.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.067 Low
EPSS
Percentile
93.7%