Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-6795

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2016-6795
  • Apache » Struts » Version: 2.3.20
    cpe:2.3:a:apache:struts:2.3.20
  • Apache » Struts » Version: 2.3.20.1
    cpe:2.3:a:apache:struts:2.3.20.1
  • Apache » Struts » Version: 2.3.20.2
    cpe:2.3:a:apache:struts:2.3.20.2
  • Apache » Struts » Version: 2.3.20.3
    cpe:2.3:a:apache:struts:2.3.20.3
  • Apache » Struts » Version: 2.3.21
    cpe:2.3:a:apache:struts:2.3.21
  • Apache » Struts » Version: 2.3.22
    cpe:2.3:a:apache:struts:2.3.22
  • Apache » Struts » Version: 2.3.23
    cpe:2.3:a:apache:struts:2.3.23
  • Apache » Struts » Version: 2.3.24
    cpe:2.3:a:apache:struts:2.3.24
  • Apache » Struts » Version: 2.3.24.1
    cpe:2.3:a:apache:struts:2.3.24.1
  • Apache » Struts » Version: 2.3.24.2
    cpe:2.3:a:apache:struts:2.3.24.2
  • Apache » Struts » Version: 2.3.24.3
    cpe:2.3:a:apache:struts:2.3.24.3
  • Apache » Struts » Version: 2.3.25
    cpe:2.3:a:apache:struts:2.3.25
  • Apache » Struts » Version: 2.3.26
    cpe:2.3:a:apache:struts:2.3.26
  • Apache » Struts » Version: 2.3.27
    cpe:2.3:a:apache:struts:2.3.27
  • Apache » Struts » Version: 2.3.28
    cpe:2.3:a:apache:struts:2.3.28
  • Apache » Struts » Version: 2.3.28.1
    cpe:2.3:a:apache:struts:2.3.28.1
  • Apache » Struts » Version: 2.3.29
    cpe:2.3:a:apache:struts:2.3.29
  • Apache » Struts » Version: 2.3.30
    cpe:2.3:a:apache:struts:2.3.30


Products
Pricing
Contact Us

Shodan ® - All rights reserved