CVE-2016-3087

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.3.19 through 2.3.28

Description The issue allows remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin when Dynamic Method Invocation is enabled.

Recommendations For Apache Struts versions 2.3.19 through 2.3.28, consider disabling Dynamic Method Invocation as a temporary workaround until a patch is available. Restrict access to the REST Plugin to minimize the risk of exploitation. Avoid using the ! operator in the affected REST Plugin until the issue is resolved.