CVE-2016-3087

Published: 07/06/2016 Updated: 12/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 761
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Vulnerable Product

apache struts 2.3.20.1

apache struts 2.3.20

apache struts 2.3.24.1

apache struts 2.3.24

apache struts 2.3.28

Vendor Advisories

Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin ...

Exploits

#!/usr/bin/python
# -*- coding: utf-8 -*-
import requests
import random
import base64

upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lowerAlpha = "abcdefghijklmnopqrstuvwxyz"
numerals = "0123456789"
allchars = [chr(_) for _ in xrange(0x00, 0xFF + 0x01)]

def rand_base(length, bad, chars):
    '''generate a random string with chars collection'''
    ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update ...

Github Repositories

FortiSIEM Incapsula WAF Parser Custom

Why did we create a custom Incapsula WAF for FortiSIEM? Because the latest version of FortiSIEM doesn't support this parser or API yet. Furthermore, Common Event Format (CEF) logs that have come to the FortiSIEM will be parsed to the generic CEF instead.

The structure of the parser

<patternDefinitions> <!-- Defi

Metasploitable 3 and Snort rules

Please GO THROUGH THE PDF FILE Cybersecurity_base_project_2

Metasploitable 3 and Snort rules
Cyber security base – Project 2
Target – Metasploitable 3 Windows Server 2008 & Ubuntu server 14

STEP 1: Run an Nmap Ping sweep scan to look for potential connected devices
$ nmap -sP 19216811/24
STEP 2: Identify Target Host – 192168140
STEP 3: Run an nma