...
Excerpt |
---|
Remote Code Execution can be performed when using REST Plugin with |
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Possible Remote Code Execution |
Maximum security rating |
Important | |
Recommendation | Disable Dynamic Method Invocation if possible. Alternatively upgrade to Struts 2.3.20.3, Struts 2.3.24.3 or Struts 2.3.28.1. |
---|---|
Affected Software | Struts 2.3.20 - Struts Struts 2.3.28 (except 2.3.20.3 and 2.3.24.3) |
Reporter | Alvaro Munoz alvaro dot munoz at hpe dot com |
CVE Identifier | CVE-2016-3087 |
Problem
It is possible to pass a malicious expression which can be used to execute arbitrary code on server side when Dynamic Method Invocation is enabled when using the REST Plugin.
...