Apache Struts XSLTResult File Inclusion (CVE-2016-3082)

A file inclusion vulnerability exists in Apache's Struts 2 web application framework. The vulnerability is due to a failure to validate user's input when stylesheet is being passed as a request parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...

CVE-2016-3082

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter...

CVE-2016-3082

CVE-2016-3082 affects Apache Struts 2.x; using XSLTResult, remote code execution is possible via the stylesheet location parameter. Affected: 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1. Impact: arbitrary code execution on the server. Remediation: upgrade to patche...

SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...