HTTP: Apache Struts XSLTResult File Inclusion
This signature detects attempts to exploit a known vulnerability against Apache's Struts 2 web application framework. A successful attack attempt could result in the execution of arbitrary code.
Extended Description
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Affected Products
Apache struts
References
CVE: CVE-2016-3082
URL: http://securitytracker.com/id?1035664 http://struts.apache.org/docs/s2-031.html
Short Name
HTTP:APACHE:STRUTS-XSLT-FI
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2016-3082 File Inclusion Struts XSLTResult
Release Date
05/17/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apache
CVSS Score
10.0