Vulnerability category: Web Application
Vulnerability severity:
Vulnerability information
The Apache Struts web framework is a free open source solution for creating Java web applications.
CVE-2016-4438 is a vulnerability caused by improper handling of malicious expressions by Apache Struts when the REST plugin is used. It allows an attacker to execute arbitrary code via the REST plugin. The vulnerability can be exploited even when Dynamic Method Invocation (DMI) is disabled.
Affected versions:
Apache Struts 2.3.20 to Apache Struts 2.3.28.1
Impact
A remote attacker could exploit this vulnerability to execute arbitrary code on the targeted system.
Solution
Upgrade to the latest version of the Apache Struts 2 framework to fix this issue. For more details, refer to the vendor advisory S2-037.
Patch:
Following are links for downloading patches to fix the vulnerabilities: