Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:APACHE:REST-RCE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Apache Struts CVE-2016-4438 Remote Code Execution
Release Date	2016/09/08
Update Number	2776
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache Struts CVE-2016-4438 Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the REST plugin of Apache Struts. A successful attack can lead to arbitrary code execution.

Extended Description

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

Affected Products

Apache struts 2.3.20
Apache struts 2.3.20.1
Apache struts 2.3.20.3
Apache struts 2.3.24
Apache struts 2.3.24.1
Apache struts 2.3.24.3
Apache struts 2.3.28

References

BugTraq: 91275
CVE: CVE-2016-4438
URL: http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000110.html

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache Struts CVE-2016-4438 Remote Code Execution

Extended Description

Affected Products

References