收藏 [登录/注册] 欢迎
榕基博客
榕基门户网及子站
联系我们
  • 福建榕基软件股份有限公司
  • 电话:0591-87860988
  • 传真:0591-87869595
  • 地址:福建省福州市鼓楼区
  •    软件大道89号
  •    A区15座
  • 邮编:350003
联系榕基全国各分支机构
您的当前位置:首页 > 技术支持 > 漏洞公告

CVE-2016-3081 Apache Struts

漏洞信息

漏洞名称:Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability

漏洞分类:Unknown                  BugtraqID:87327

远程溢出:Yes                      本地溢出:No

发布日期:2016-04-22 12:00:00      更新日期:2016-07-22 02:00:00

漏洞作者:Nike Zheng

受影响的程序版本

Oracle MICROS Retail XBRi Loss Prevention 10.8.1

Oracle MICROS Retail XBRi Loss Prevention 10.8

Oracle MICROS Retail XBRi Loss Prevention 10.7

Oracle MICROS Retail XBRi Loss Prevention 10.6

Oracle MICROS Retail XBRi Loss Prevention 10.5

Oracle MICROS Retail XBRi Loss Prevention 10.0.1

Huawei OceanStor Onebox V100R003C10

Huawei OceanStor N8500 V200R001C91

Huawei OceanStor N8500 V200R001C09

Huawei OceanStor 9000 V300R005C00

Huawei OceanStor 5800 V3 0

Huawei LogCenter V100R001C20

Huawei FireHunter6000 V100R001C20

Huawei AnyOffice V200R006C00

Huawei Agile Controller-Campus V100R002C00

Apache Struts 2.3.28

Apache Struts 2.3.24

Apache Struts 2.3.4 1

Apache Struts 2.3.4

Apache Struts 2.2.3

Apache Struts 2.2.1 1

Apache Struts 2.2

Apache Struts 2.1.8 .1

Apache Struts 2.1.8

Apache Struts 2.1.6

Apache Struts 2.1.5

Apache Struts 2.1.2

Apache Struts 2.1.1

Apache Struts 2.1.1

Apache Struts 2.1

Apache Struts 2.0.14

Apache Struts 2.0.12

Apache Struts 2.0.11 .1

Apache Struts 2.0.11

Apache Struts 2.0.10

Apache Struts 2.0.9

Apache Struts 2.0.8

Apache Struts 2.0.7

Apache Struts 2.0.6

Apache Struts 2.0.5

Apache Struts 2.0.4

Apache Struts 2.0.3

Apache Struts 2.0.2

Apache Struts 2.0.1

Apache Struts 2.0

Apache Struts 2.3.8

Apache Struts 2.3.7

Apache Struts 2.3.20.1

Apache Struts 2.3.20

Apache Struts 2.3.16.3

Apache Struts 2.3.16.2

Apache Struts 2.3.16.1

Apache Struts 2.3.16

Apache Struts 2.3.15.3

Apache Struts 2.3.15.2

Apache Struts 2.3.15.1

Apache Struts 2.3.15

Apache Struts 2.3.14.3

Apache Struts 2.3.14.2

Apache Struts 2.3.14.1

Apache Struts 2.3.14

Apache Struts 2.3.1.2

Apache Struts 2.3.1.1

Apache Struts 2.3.1

Apache Struts 2.2.3.1

Apache Struts 2.1.4

Apache Struts 2.1.3

Apache Struts 2.0.13

,Huawei LogCenter V100R001C20SPC102

Huawei AnyOffice EMM V200R006C00SPC101

Huawei Agile Controller-Campus V100R002C00SPC106T

Apache Struts 2.3.24.2

Apache Struts 2.3.20.2

不受影响的程序版本

Huawei LogCenter V100R001C20SPC102

Huawei AnyOffice EMM V200R006C00SPC101

Huawei Agile Controller-Campus V100R002C00SPC106T

Apache Struts 2.3.24.2

Apache Struts 2.3.20.2

漏洞讨论

Apache Struts is prone to a remote code-execution vulnerability.

 

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

漏洞利用

The following exploit code is available:

 

/data/vulnerabilities/exploits/87327.rb

解决方案

Updates are available. Please see the references or vendor advisory for more information.

相关参考

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

https://struts.apache.org/docs/s2-032.html

http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en