Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-8C6J-FFMF-Q6VM
HistoryMay 14, 2022 - 12:54 a.m.

Apache Struts RCE Vulnerability

2022-05-1400:54:14
CWE-77
GitHub Advisory Database
github.com
6

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

Related

checkpoint_advisories 1
saint 4
ubuntucve 1
nessus 2
huawei 1
osv 1
zdt 1
prion 1
seebug 1
canvas 1
dsquare 1
cve 1
openvas 2
nuclei 1
packetstorm 1
myhack58 1
f5 2
ibm 3
kitploit 1
oracle 2
checkpoint_advisories
checkpoint_advisories
Apache Struts Dynamic Method Remote Code Execution (CVE-2016-3081)
2016-05-01 00:00:00
saint
saint
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
Apache Struts Dynamic Method Invocation command execution
2016-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2016-3081
2016-04-26 00:00:00
nessus
nessus
Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution
2018-12-17 00:00:00
Apache Struts 2.x < 2.3.28.1 Multiple Vulnerabilities
2016-04-28 00:00:00
huawei
huawei
Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products
2016-05-27 00:00:00
osv
osv
Apache Struts RCE Vulnerability
2022-05-14 00:54:14
zdt
zdt
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit)
2016-05-02 00:00:00
prion
prion
Design/Logic Flaw
2016-04-26 14:59:00
seebug
seebug
Struts2 ζ–Ήζ³•θ°ƒη”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(S2-032)
2016-04-26 00:00:00
canvas
canvas
Immunity Canvas: STRUTS2_DMI_RCE
2016-04-26 14:59:00
dsquare
dsquare
Apache Struts Dynamic Method Invocation Expression Handling RCE
2018-04-20 00:00:00
cve
cve
CVE-2016-3081
2016-04-26 14:59:00
openvas
openvas
Apache Struts Security Update (S2-032) - Active Check
2016-06-01 00:00:00
Apache Struts Security Update (S2-032, S2-033) - Version Check
2016-05-06 00:00:00
nuclei
nuclei
Apache S2-032 Struts - Remote Code Execution
2021-02-16 11:09:10
packetstorm
packetstorm
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
2016-04-30 00:00:00
myhack58
myhack58
S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net
2018-08-23 00:00:00
f5
f5
K17588029 : Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server
2018-06-16 13:42:18
Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)
2022-09-14 17:45:15
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
2022-09-14 17:37:56
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for GHSA-8C6J-FFMF-Q6VM
checkpoint_advisories1saint4ubuntucve1nessus2huawei1osv1zdt1prion1seebug1canvas1dsquare1cve1openvas2nuclei1packetstorm1myhack581f52ibm3kitploit1oracle2