← back
CVE-2016-3087

CVE-2016-3087

60Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 81%
from disclosure to weapon3 days
Published on NVDJun 7
1st PoC+3d
metasploitJun 1
exploitation probability
81%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.