CVE-2016-3087
60Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 81%
from disclosure to weapon3 days
Published on NVDJun 7
1st PoC+3d
metasploitJun 1
exploitation probability
81%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/39919/unverifiedexploitdbwww.exploit-db.com/exploits/43382unverifiedexploitdbwww.exploit-db.com/exploits/39919unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.