CVE-2016-6795

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-6795
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6795.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6795
Aliases
Published
2017-09-20T17:29:00Z
Modified
2024-09-03T01:24:00.793319Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
013077abcb8d450d7313fb9fc766fe45f0b6f9c5
Last affected
0320310406f6b11cfd235d7a9b866cf1de483a1e
Last affected
0ac8932aa3a1b28a8f950863c17165cdc63b1474
Last affected
22573f8de8b33ead0fee88eb67817985464218bb
Last affected
2cf0a7efeb12c8f476e31324dc56456b340ddeab
Last affected
36b6fff05cd4a17f75b091c0edd52e0c1e65ec06
Last affected
5c61c9a5752109a00ccdadbce3d4adb681f82c9a
Last affected
7a9863169f7d981be0d2d57437974ae2cc0c8bd3
Last affected
8a59ed02c958db9213f0e54d816882a902891761
Last affected
8ca0f2fc464f592fa95d8435d0924c3b9da981ef
Last affected
925741ad1e8e48c7a6d687fe02d3fdb6386eb64c
Last affected
a40e9a90bf8b5039728ff312852991e7d580bff4
Last affected
a6e72347d2179a6d1a84acc0db54615c6f4b274c
Last affected
a9974eec5689a7113a6fb1e2096252f0935064dd
Last affected
bb22c585b5b52967fab033dba02cd244cd5b5b7a
Last affected
bbbf43ec59e7bef3b07e9065dc9784c18a95d58b
Last affected
d469fffed912764f7af2da861319815d088a66e8
Last affected
d793648069386ce90fc9eae31e119de1a675f15a

Affected versions

Other

STRUTS_2_2_1
STRUTS_2_3_14
STRUTS_2_3_16_1
STRUTS_2_3_16_2
STRUTS_2_3_16_3
STRUTS_2_3_17
STRUTS_2_3_19
STRUTS_2_3_20
STRUTS_2_3_21
STRUTS_2_3_22
STRUTS_2_3_23
STRUTS_2_3_24
STRUTS_2_3_24_1
STRUTS_2_3_25
STRUTS_2_3_26