PT-2016-5365 · Apache · Ognl+1

Publicado

2016-06-07

Atualizado

2023-02-12

CVE-2016-3093

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.24.1

Description The issue is related to improper caching of method references when Apache Struts is used with OGNL before version 3.0.12. This allows remote attackers to cause a denial of service, which can block access to a web site, via unspecified vectors.

Recommendations For Apache Struts versions 2.0.0 through 2.3.24.1, consider updating OGNL to version 3.0.12 or later to resolve the issue. As a temporary workaround, restrict access to the affected OGNL functionality until the issue is resolved.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-3093

GHSA-383P-XQXX-RRMP

Produtos afetados

Apache Struts

Ognl

PT-2016-5365 · Apache · Ognl+1

CVE-2016-3093

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11