cnvd - cnvd-2016-03754

cnvd-2016-03754

Vulnerability from cnvd

Title: Apache Struts2远程代码执行漏洞(CNVD-2016-03754 )

Description:

Apache Struts是一款用于创建企业级Java Web应用的开源框架。

Struts2存在远程代码执行漏洞，攻击者利用漏洞可在启动动态方法情况下，使用REST插件调用恶意表达式可远程执行代码。

Severity: 高

Patch Name: Apache Struts2远程代码执行漏洞(CNVD-2016-03754 )的补丁

Patch Description:

Apache Struts是一款用于创建企业级Java Web应用的开源框架。

Struts2存在远程代码执行漏洞，攻击者利用漏洞可在启动动态方法情况下，使用REST插件调用恶意表达式可远程执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

关闭动态调用方法或升级至新版本修复该漏洞，软件更新地址： https://cwiki.apache.org/confluence/display/WW/Migration+Guide

Reference: http://struts.apache.org/docs/s2-033.html

Impacted products

Name
['Apache struts 2.3.20-2.3.20.2', 'Apache struts 2.3.20.4-2.3.24.2', 'Apache struts 2.3.24.4-2.3.28']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3087"
    }
  },
  "description": "Apache Struts\u662f\u4e00\u6b3e\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90\u6846\u67b6\u3002 \r\n\r\nStruts2\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u542f\u52a8\u52a8\u6001\u65b9\u6cd5\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528REST\u63d2\u4ef6\u8c03\u7528\u6076\u610f\u8868\u8fbe\u5f0f\u53ef\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Alvaro Munoz alvaro.munoz@hpe.com",
  "formalWay": "\u5173\u95ed\u52a8\u6001\u8c03\u7528\u65b9\u6cd5\u6216\u5347\u7ea7\u81f3\u65b0\u7248\u672c\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u8f6f\u4ef6\u66f4\u65b0\u5730\u5740\uff1a\r\nhttps://cwiki.apache.org/confluence/display/WW/Migration+Guide",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03754",
  "openTime": "2016-06-03",
  "patchDescription": "Apache Struts\u662f\u4e00\u6b3e\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90\u6846\u67b6\u3002 \r\n\r\nStruts2\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u542f\u52a8\u52a8\u6001\u65b9\u6cd5\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528REST\u63d2\u4ef6\u8c03\u7528\u6076\u610f\u8868\u8fbe\u5f0f\u53ef\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Struts2\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CNVD-2016-03754 )\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache struts 2.3.20-2.3.20.2",
      "Apache struts  2.3.20.4-2.3.24.2",
      "Apache struts  2.3.24.4-2.3.28"
    ]
  },
  "referenceLink": "http://struts.apache.org/docs/s2-033.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-06-03",
  "title": "Apache Struts2\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CNVD-2016-03754 )"
}

CVE-2016-3087 (GCVE-0-2016-3087)

Vulnerability from cvelistv5

Published

2016-06-07 18:00

Modified

2024-08-05 23:40

Severity ?

CWE

Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1036017	vdb-entry, x_refsource_SECTRACK
	https://www.exploit-db.com/exploits/39919/	exploit, x_refsource_EXPLOIT-DB
	http://struts.apache.org/docs/s2-033.html	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg21987854	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/90960	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:15.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036017",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036017"
          },
          {
            "name": "39919",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39919/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://struts.apache.org/docs/s2-033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854"
          },
          {
            "name": "90960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90960"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-12T20:45:53",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1036017",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036017"
        },
        {
          "name": "39919",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39919/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://struts.apache.org/docs/s2-033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854"
        },
        {
          "name": "90960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90960"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-3087",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036017",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036017"
            },
            {
              "name": "39919",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39919/"
            },
            {
              "name": "http://struts.apache.org/docs/s2-033.html",
              "refsource": "CONFIRM",
              "url": "http://struts.apache.org/docs/s2-033.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854"
            },
            {
              "name": "90960",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90960"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-3087",
    "datePublished": "2016-06-07T18:00:00",
    "dateReserved": "2016-03-10T00:00:00",
    "dateUpdated": "2024-08-05T23:40:15.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted