Vulnerability CVE-2016-3081

Vulnerability CVE-2016-3081

Published: 2016-04-26

Description:

	Topic	Author	Date
High	Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution	Nixawk	30.04.2016

Type:

(Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Affected software
Oracle -> Siebel e-billing
Apache -> Struts

http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec

http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec

http://www.securityfocus.com/bid/87327

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035665

https://struts.apache.org/docs/s2-032.html

https://www.exploit-db.com/exploits/39756/