8.8
CVSSv3

CVE-2016-3090

Published: 30/10/2017 Updated: 01/07/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The TextParseUtil.translateVariables method in Apache Struts 2.x prior to 2.3.20 allows remote malicious users to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache struts 2.3.1.1

apache struts 2.0.9

apache struts 2.3.5

apache struts 2.0.12

apache struts 2.2.3.1

apache struts 2.1.0

apache struts 2.3.15

apache struts 2.3.14

apache struts 2.0.8

apache struts 2.0.7

apache struts 2.0.4

apache struts 2.3.13

apache struts 2.2.1

apache struts 2.3.16

apache struts 2.3.17

apache struts 2.3.9

apache struts 2.1.8.1

apache struts 2.3.3

apache struts 2.3.16.3

apache struts 2.3.4

apache struts 2.1.3

apache struts 2.3.6

apache struts 2.1.2

apache struts 2.1.5

apache struts 2.0.1

apache struts 2.3.15.2

apache struts 2.3.14.3

apache struts 2.3.19

apache struts 2.0.2

apache struts 2.1.8

apache struts 2.3.4.1

apache struts 2.0.11.1

apache struts 2.3.8

apache struts 2.3.7

apache struts 2.0.3

apache struts 2.3.14.2

apache struts 2.0.14

apache struts 2.3.10

apache struts 2.3.15.1

apache struts 2.3.1

apache struts 2.0.11

apache struts 2.3.16.2

apache struts 2.1.6

apache struts 2.0.5

apache struts 2.2.3

apache struts 2.3.12

apache struts 2.1.4

apache struts 2.2.1.1

apache struts 2.0.11.2

apache struts 2.0.13

apache struts 2.3.1.2

apache struts 2.3.11

apache struts 2.3.15.3

apache struts 2.3.16.1

apache struts 2.1.1

apache struts 2.0.6

apache struts 2.0.10

apache struts 2.3.14.1

apache struts 2.1.7