CVE-2016-6795

State: PUBLISHED · Published: 2017-09-20 · Updated: 2024-09-17 · Assigner: apache

Description

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

CWE

(none)

Affected

Apache Software Foundation / Apache Struts — v=2.3.x before 2.3.31 [affected]; v=2.5.x before 2.5.5 [affected]

CVSS

(none)

References

http://www.securityfocus.com/bid/93773 vdb-entry, x_refsource_BID
https://struts.apache.org/docs/s2-042.html x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180629-0003/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2016/6xxx/CVE-2016-6795.json