Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:APACHE:STRUTS-RST-DMI-EXEC
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Apache Struts REST Plugin DMI Code Execution
Release Date	2016/06/28
Update Number	2749
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache Struts REST Plugin DMI Code Execution

This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can lead to arbitrary code execution.

Extended Description

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

Affected Products

Apache struts 2.3.20
Apache struts 2.3.20.1
Apache struts 2.3.24
Apache struts 2.3.24.1
Apache struts 2.3.28

References

CVE: CVE-2016-3087
URL: https://www.seebug.org/vuldb/ssvid-91741

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache Struts REST Plugin DMI Code Execution

Extended Description

Affected Products

References