Apache Struts – Dynamic Method Invocation – Remote Code Execution
CVE-2016-3081: Apache Struts 2.x before 126.96.36.199, 2.3.24.x before 188.8.131.52 and 2.3.28.x before 184.108.40.206, when Dynamic Method Invocation is enabled allows remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
Mitigation: Vendor has released patch version.
Press release April 2023: Situational Security Alerts from CIRT
21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts
Security Best Practices
29 Mar 2023 - Security Advisories & Alerts