5
CVSSv2

CVE-2016-3093

Published: 07/06/2016 Updated: 28/11/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Apache Struts 2.0.0 up to and including 2.3.24.1 does not properly cache method references when used with OGNL prior to 3.0.12, which allows remote malicious users to cause a denial of service (block access to a web site) via unspecified vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

ognl_project ognl

apache struts 2.0.0

apache struts 2.0.1

apache struts 2.0.2

apache struts 2.0.3

apache struts 2.0.4

apache struts 2.0.5

apache struts 2.0.6

apache struts 2.0.7

apache struts 2.0.8

apache struts 2.0.9

apache struts 2.0.10

apache struts 2.0.11

apache struts 2.0.11.1

apache struts 2.0.11.2

apache struts 2.0.12

apache struts 2.0.13

apache struts 2.0.14

apache struts 2.1.0

apache struts 2.1.1

apache struts 2.1.2

apache struts 2.1.3

apache struts 2.1.4

apache struts 2.1.5

apache struts 2.1.6

apache struts 2.1.8

apache struts 2.1.8.1

apache struts 2.2.1

apache struts 2.2.1.1

apache struts 2.2.3

apache struts 2.2.3.1

apache struts 2.3.1

apache struts 2.3.1.1

apache struts 2.3.1.2

apache struts 2.3.4

apache struts 2.3.4.1

apache struts 2.3.7

apache struts 2.3.8

apache struts 2.3.12

apache struts 2.3.14

apache struts 2.3.14.1

apache struts 2.3.14.2

apache struts 2.3.14.3

apache struts 2.3.15

apache struts 2.3.15.1

apache struts 2.3.15.2

apache struts 2.3.15.3

apache struts 2.3.16

apache struts 2.3.16.1

apache struts 2.3.16.2

apache struts 2.3.16.3

apache struts 2.3.20

apache struts 2.3.20.1

apache struts 2.3.20.3

apache struts 2.3.24

apache struts 2.3.24.1

Vendor Advisories

Apache Struts 200 through 23241 does not properly cache method references when used with OGNL before 3012, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors ...

Github Repositories

Cyber Securiy MOOC Unsecure project

LINK: githubcom/ilmari666/cybsec Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven Five flaws as per wwwowasporg/images/7/72/OWASP_Top_10-2017_%28en%29pdfpdf This document can be read at githubcom/ilmari666/cybsec/blob/master/READMEmd FLAW 1: A2:2017 Broken Authentica