cvedb.io
CVE-2016-3087
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2016-06-07T18:59:02.713 · Last modified 2026-06-17T00:44:56.647

Summary

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Affected products

apache — struts

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.