CVE-2016-4461 in Strutsinfo

Zusammenfassung

von MITRE

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

02.05.2016

Veröffentlichung

16.10.2017

Moderieren

akzeptiert

Eintrag

VDB-107904

CPE

bereit

CWE

CWE-20 (bestätigt)

CVSS

8.8 (NVD)

EPSS

0.01142

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Telecommunication

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4461
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4461
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4461/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!