Apache Struts – Dynamic Method Invocation – Remote Code Execution
CVE-2016-3081: Apache Struts 2.x before 126.96.36.199, 2.3.24.x before 188.8.131.52 and 2.3.28.x before 184.108.40.206, when Dynamic Method Invocation is enabled allows remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
Mitigation: Vendor has released patch version.
02 Nov 2022 - Security Advisories & Alerts
20 Oct 2022 - Security Advisories & Alerts