Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7fgd-jnfe-gkhp
Summary Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Aliases
0
alias CVE-2016-3087
1
alias GHSA-mmj6-cjj4-hpr5
Fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-at5c-f8p8-67fh
11
vulnerability VCID-b7zy-qhz9-tuar
12
vulnerability VCID-bgbt-j1n9-6yg5
13
vulnerability VCID-cm62-bsdz-yye2
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-j5su-cnqd-6yad
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-6hrc-fm64-ckhf
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-8bsh-bshc-vkgq
8
vulnerability VCID-95ts-vpk6-uubg
9
vulnerability VCID-b7zy-qhz9-tuar
10
vulnerability VCID-bgbt-j1n9-6yg5
11
vulnerability VCID-cm62-bsdz-yye2
12
vulnerability VCID-dk2f-14xj-9bf8
13
vulnerability VCID-gfxq-vtry-bqgg
14
vulnerability VCID-hgj2-vqzn-gyeb
15
vulnerability VCID-j5su-cnqd-6yad
16
vulnerability VCID-mdde-pa5h-w7g4
17
vulnerability VCID-sf53-bgb2-7ue2
18
vulnerability VCID-tgd1-s1yg-9fdt
19
vulnerability VCID-vgp6-jxqt-pbf4
20
vulnerability VCID-y4qu-21c9-6fav
21
vulnerability VCID-y5uq-a6dx-3yd4
22
vulnerability VCID-ygbu-vb2t-jqhx
23
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-8bsh-bshc-vkgq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-sf53-bgb2-7ue2
16
vulnerability VCID-tgd1-s1yg-9fdt
17
vulnerability VCID-vgp6-jxqt-pbf4
18
vulnerability VCID-y4qu-21c9-6fav
19
vulnerability VCID-y5uq-a6dx-3yd4
20
vulnerability VCID-ygbu-vb2t-jqhx
21
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.19
purl pkg:maven/org.apache.struts/struts2-core@2.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-579w-2k2v-efa2
1
vulnerability VCID-7fgd-jnfe-gkhp
2
vulnerability VCID-czjh-bpfk-3yh6
3
vulnerability VCID-mdde-pa5h-w7g4
4
vulnerability VCID-vgp6-jxqt-pbf4
5
vulnerability VCID-y4qu-21c9-6fav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.19
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-p9xh-frm5-8ucp
24
vulnerability VCID-sf53-bgb2-7ue2
25
vulnerability VCID-tgd1-s1yg-9fdt
26
vulnerability VCID-vgp6-jxqt-pbf4
27
vulnerability VCID-y4qu-21c9-6fav
28
vulnerability VCID-y5uq-a6dx-3yd4
29
vulnerability VCID-ygbu-vb2t-jqhx
30
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
2
url pkg:maven/org.apache.struts/struts2-core@2.3.20.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-579w-2k2v-efa2
5
vulnerability VCID-6hrc-fm64-ckhf
6
vulnerability VCID-74ab-1p1c-4qbd
7
vulnerability VCID-79j9-v8gz-rfax
8
vulnerability VCID-7c97-nj5a-hqb8
9
vulnerability VCID-7fgd-jnfe-gkhp
10
vulnerability VCID-87fh-rvvb-6ubq
11
vulnerability VCID-8bsh-bshc-vkgq
12
vulnerability VCID-95ts-vpk6-uubg
13
vulnerability VCID-at5c-f8p8-67fh
14
vulnerability VCID-b7zy-qhz9-tuar
15
vulnerability VCID-bgbt-j1n9-6yg5
16
vulnerability VCID-cm62-bsdz-yye2
17
vulnerability VCID-czjh-bpfk-3yh6
18
vulnerability VCID-dk2f-14xj-9bf8
19
vulnerability VCID-gfxq-vtry-bqgg
20
vulnerability VCID-hgj2-vqzn-gyeb
21
vulnerability VCID-j5su-cnqd-6yad
22
vulnerability VCID-mdde-pa5h-w7g4
23
vulnerability VCID-sf53-bgb2-7ue2
24
vulnerability VCID-tgd1-s1yg-9fdt
25
vulnerability VCID-vgp6-jxqt-pbf4
26
vulnerability VCID-y4qu-21c9-6fav
27
vulnerability VCID-y5uq-a6dx-3yd4
28
vulnerability VCID-ygbu-vb2t-jqhx
29
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.1
3
url pkg:maven/org.apache.struts/struts2-core@2.3.21
purl pkg:maven/org.apache.struts/struts2-core@2.3.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-579w-2k2v-efa2
1
vulnerability VCID-7fgd-jnfe-gkhp
2
vulnerability VCID-czjh-bpfk-3yh6
3
vulnerability VCID-mdde-pa5h-w7g4
4
vulnerability VCID-y4qu-21c9-6fav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.21
4
url pkg:maven/org.apache.struts/struts2-core@2.3.24
purl pkg:maven/org.apache.struts/struts2-core@2.3.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2chz-36wn-9fcv
1
vulnerability VCID-2rjv-1thm-dugt
2
vulnerability VCID-3yq7-n972-j7dh
3
vulnerability VCID-4agy-6nsx-7ufh
4
vulnerability VCID-6hrc-fm64-ckhf
5
vulnerability VCID-74ab-1p1c-4qbd
6
vulnerability VCID-79j9-v8gz-rfax
7
vulnerability VCID-7c97-nj5a-hqb8
8
vulnerability VCID-7fgd-jnfe-gkhp
9
vulnerability VCID-87fh-rvvb-6ubq
10
vulnerability VCID-8bsh-bshc-vkgq
11
vulnerability VCID-95ts-vpk6-uubg
12
vulnerability VCID-at5c-f8p8-67fh
13
vulnerability VCID-b7zy-qhz9-tuar
14
vulnerability VCID-bgbt-j1n9-6yg5
15
vulnerability VCID-cm62-bsdz-yye2
16
vulnerability VCID-czjh-bpfk-3yh6
17
vulnerability VCID-dk2f-14xj-9bf8
18
vulnerability VCID-gfxq-vtry-bqgg
19
vulnerability VCID-hgj2-vqzn-gyeb
20
vulnerability VCID-j5su-cnqd-6yad
21
vulnerability VCID-sf53-bgb2-7ue2
22
vulnerability VCID-tgd1-s1yg-9fdt
23
vulnerability VCID-vgp6-jxqt-pbf4
24
vulnerability VCID-y4qu-21c9-6fav
25
vulnerability VCID-y5uq-a6dx-3yd4
26
vulnerability VCID-ygbu-vb2t-jqhx
27
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24
5
url pkg:maven/org.apache.struts/struts2-core@2.3.24.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-4agy-6nsx-7ufh
3
vulnerability VCID-6hrc-fm64-ckhf
4
vulnerability VCID-74ab-1p1c-4qbd
5
vulnerability VCID-79j9-v8gz-rfax
6
vulnerability VCID-7c97-nj5a-hqb8
7
vulnerability VCID-7fgd-jnfe-gkhp
8
vulnerability VCID-87fh-rvvb-6ubq
9
vulnerability VCID-8bsh-bshc-vkgq
10
vulnerability VCID-95ts-vpk6-uubg
11
vulnerability VCID-at5c-f8p8-67fh
12
vulnerability VCID-b7zy-qhz9-tuar
13
vulnerability VCID-bgbt-j1n9-6yg5
14
vulnerability VCID-cm62-bsdz-yye2
15
vulnerability VCID-czjh-bpfk-3yh6
16
vulnerability VCID-dk2f-14xj-9bf8
17
vulnerability VCID-gfxq-vtry-bqgg
18
vulnerability VCID-hgj2-vqzn-gyeb
19
vulnerability VCID-j5su-cnqd-6yad
20
vulnerability VCID-sf53-bgb2-7ue2
21
vulnerability VCID-tgd1-s1yg-9fdt
22
vulnerability VCID-vgp6-jxqt-pbf4
23
vulnerability VCID-y4qu-21c9-6fav
24
vulnerability VCID-y5uq-a6dx-3yd4
25
vulnerability VCID-ygbu-vb2t-jqhx
26
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1
6
url pkg:maven/org.apache.struts/struts2-core@2.3.25
purl pkg:maven/org.apache.struts/struts2-core@2.3.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-579w-2k2v-efa2
1
vulnerability VCID-7fgd-jnfe-gkhp
2
vulnerability VCID-czjh-bpfk-3yh6
3
vulnerability VCID-mdde-pa5h-w7g4
4
vulnerability VCID-y4qu-21c9-6fav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.25
7
url pkg:maven/org.apache.struts/struts2-core@2.3.28
purl pkg:maven/org.apache.struts/struts2-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rjv-1thm-dugt
1
vulnerability VCID-3yq7-n972-j7dh
2
vulnerability VCID-579w-2k2v-efa2
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-7fgd-jnfe-gkhp
7
vulnerability VCID-87fh-rvvb-6ubq
8
vulnerability VCID-8bsh-bshc-vkgq
9
vulnerability VCID-95ts-vpk6-uubg
10
vulnerability VCID-b7zy-qhz9-tuar
11
vulnerability VCID-bgbt-j1n9-6yg5
12
vulnerability VCID-cm62-bsdz-yye2
13
vulnerability VCID-czjh-bpfk-3yh6
14
vulnerability VCID-dk2f-14xj-9bf8
15
vulnerability VCID-gfxq-vtry-bqgg
16
vulnerability VCID-hgj2-vqzn-gyeb
17
vulnerability VCID-mdde-pa5h-w7g4
18
vulnerability VCID-sf53-bgb2-7ue2
19
vulnerability VCID-tgd1-s1yg-9fdt
20
vulnerability VCID-vgp6-jxqt-pbf4
21
vulnerability VCID-y4qu-21c9-6fav
22
vulnerability VCID-y5uq-a6dx-3yd4
23
vulnerability VCID-ygbu-vb2t-jqhx
24
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3087.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3087
reference_id
reference_type
scores
0
value 0.87007
scoring_system epss
scoring_elements 0.99431
published_at 2026-04-02T12:55:00Z
1
value 0.87007
scoring_system epss
scoring_elements 0.99433
published_at 2026-04-04T12:55:00Z
2
value 0.87007
scoring_system epss
scoring_elements 0.99432
published_at 2026-04-01T12:55:00Z
3
value 0.87007
scoring_system epss
scoring_elements 0.9944
published_at 2026-04-21T12:55:00Z
4
value 0.87007
scoring_system epss
scoring_elements 0.99438
published_at 2026-04-13T12:55:00Z
5
value 0.87007
scoring_system epss
scoring_elements 0.99437
published_at 2026-04-12T12:55:00Z
6
value 0.87007
scoring_system epss
scoring_elements 0.99436
published_at 2026-04-11T12:55:00Z
7
value 0.87007
scoring_system epss
scoring_elements 0.99435
published_at 2026-04-09T12:55:00Z
8
value 0.87007
scoring_system epss
scoring_elements 0.99434
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3087
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
4
reference_url https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/98d2692e434fe7f4d445ade24fe2c9860de1c13f
5
reference_url http://struts.apache.org/docs/s2-033.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-033.html
6
reference_url https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017
7
reference_url https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960
8
reference_url https://www.exploit-db.com/exploits/39919
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/39919
9
reference_url https://www.exploit-db.com/exploits/39919/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/39919/
10
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
11
reference_url http://www.securityfocus.com/bid/90960
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/90960
12
reference_url http://www.securitytracker.com/id/1036017
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036017
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1341674
reference_id 1341674
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1341674
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
19
reference_url https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/
reference_id CVE-2016-3087
reference_type exploit
scores
url https://github.com/nixawk/labs/blob/bf31676e55f0010adf9634269f86a61cc44e7102/CVE-2016-3087/
20
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb
reference_id CVE-2016-3087
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39919.rb
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py
reference_id CVE-2016-3087
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/43382.py
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3087
reference_id CVE-2016-3087
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3087
23
reference_url https://github.com/advisories/GHSA-mmj6-cjj4-hpr5
reference_id GHSA-mmj6-cjj4-hpr5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmj6-cjj4-hpr5
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2016-06-10
description Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2016-06-10
exploit_type remote
platform multiple
source_date_updated 2016-06-10
data_source Exploit-DB
source_url
1
date_added null
description
This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2016-06-01
exploit_type null
platform Java,Linux,Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts_dmi_rest_exec.rb
Severity_range_score 7.5 - 10.0
Exploitability 2.0
Weighted_severity 9.0
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7fgd-jnfe-gkhp