CVE-2016-3081 Apache Struts
漏洞信息
漏洞名称:Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
漏洞分类:Unknown BugtraqID:87327
远程溢出:Yes 本地溢出:No
发布日期:2016-04-22 12:00:00 更新日期:2016-07-22 02:00:00
漏洞作者:Nike Zheng
受影响的程序版本
Oracle MICROS Retail XBRi Loss Prevention 10.8.1
Oracle MICROS Retail XBRi Loss Prevention 10.8
Oracle MICROS Retail XBRi Loss Prevention 10.7
Oracle MICROS Retail XBRi Loss Prevention 10.6
Oracle MICROS Retail XBRi Loss Prevention 10.5
Oracle MICROS Retail XBRi Loss Prevention 10.0.1
Huawei OceanStor Onebox V100R003C10
Huawei OceanStor N8500 V200R001C91
Huawei OceanStor N8500 V200R001C09
Huawei OceanStor 9000 V300R005C00
Huawei OceanStor 5800 V3 0
Huawei LogCenter V100R001C20
Huawei FireHunter6000 V100R001C20
Huawei AnyOffice V200R006C00
Huawei Agile Controller-Campus V100R002C00
Apache Struts 2.3.28
Apache Struts 2.3.24
Apache Struts 2.3.4 1
Apache Struts 2.3.4
Apache Struts 2.2.3
Apache Struts 2.2.1 1
Apache Struts 2.2
Apache Struts 2.1.8 .1
Apache Struts 2.1.8
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.1.2
Apache Struts 2.1.1
Apache Struts 2.1.1
Apache Struts 2.1
Apache Struts 2.0.14
Apache Struts 2.0.12
Apache Struts 2.0.11 .1
Apache Struts 2.0.11
Apache Struts 2.0.10
Apache Struts 2.0.9
Apache Struts 2.0.8
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.5
Apache Struts 2.0.4
Apache Struts 2.0.3
Apache Struts 2.0.2
Apache Struts 2.0.1
Apache Struts 2.0
Apache Struts 2.3.8
Apache Struts 2.3.7
Apache Struts 2.3.20.1
Apache Struts 2.3.20
Apache Struts 2.3.16.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.15.3
Apache Struts 2.3.15.2
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.14.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.3.1.2
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.2.3.1
Apache Struts 2.1.4
Apache Struts 2.1.3
Apache Struts 2.0.13
,Huawei LogCenter V100R001C20SPC102
Huawei AnyOffice EMM V200R006C00SPC101
Huawei Agile Controller-Campus V100R002C00SPC106T
Apache Struts 2.3.24.2
Apache Struts 2.3.20.2
不受影响的程序版本
Huawei LogCenter V100R001C20SPC102
Huawei AnyOffice EMM V200R006C00SPC101
Huawei Agile Controller-Campus V100R002C00SPC106T
Apache Struts 2.3.24.2
Apache Struts 2.3.20.2
漏洞讨论
Apache Struts is prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
漏洞利用
The following exploit code is available:
/data/vulnerabilities/exploits/87327.rb
解决方案
Updates are available. Please see the references or vendor advisory for more information.
相关参考
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://struts.apache.org/docs/s2-032.html
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en