CVE-2016-3081

Published: 26/04/2016 Updated: 12/08/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.

Vulnerable Product

apache struts 2.3.28

apache struts 2.3.4

apache struts 2.3.3

apache struts 2.3.15.1

apache struts 2.3.15

apache struts 2.3.1.1

apache struts 2.3.1

apache struts 2.1.6

apache struts 2.1.5

apache struts 2.0.7

apache struts 2.0.6

apache struts 2.0.12

apache struts 2.0.11.2

apache struts 2.3.24

apache struts 2.3.8

apache struts 2.3.16.2

apache struts 2.3.16.1

apache struts 2.3.16

apache struts 2.3.14.1

apache struts 2.3.14

apache struts 2.2.1.1

apache struts 2.2.1

apache struts 2.1.1

apache struts 2.1.0

apache struts 2.0.3

apache struts 2.0.2

apache struts 2.0.10

apache struts 2.0.1

apache struts 2.3.7

apache struts 2.3.4.1

apache struts 2.3.15.3

apache struts 2.3.15.2

apache struts 2.3.12

apache struts 2.3.1.2

apache struts 2.1.8.1

apache struts 2.1.8

apache struts 2.0.9

apache struts 2.0.8

apache struts 2.0.14

apache struts 2.0.13

apache struts 2.0.0

apache struts 2.3.20

apache struts 2.3.24.1

apache struts 2.3.20.1

apache struts 2.3.16.3

apache struts 2.3.14.3

apache struts 2.3.14.2

apache struts 2.2.3.1

apache struts 2.2.3

apache struts 2.1.4

apache struts 2.1.3

apache struts 2.1.2

apache struts 2.0.5

apache struts 2.0.4

apache struts 2.0.11.1

apache struts 2.0.11

oracle siebel e-billing 7.1

Vendor Advisories

Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  def initialize(info = {})
    super(update ...

Github Repositories

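Proof of concept of S02-32. When Dynamic Method Invocation (DMI) is enabled, the Apache Struts2 service allows remote execution of arbitrary commands. This vulnerability is numbered CVE-2016-3081. The provided POC is for learning and testing only; otherwise, please delete it promptly.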

The EXP coding by python

PyEXP
The EXP coding by python, and I'll publish the popular EXP here
##s2-032_cmd.py
USG: python s2-032_cmd.py xyz/*action
use '\q' to exit the shell
##s2-032_all.py
usage: s2-032_all.py [-h] [--cmd] [--url URL] [-f FILENAME] [-d SHELLNAME]
CVE-2016-3081 | Apache Struts S2-032
optional arguments:
-h, --help show this help message and exit
--cmd