Test ID:	1.3.6.1.4.1.25623.1.0.107007
Category:	Web application abuses
Title:	Apache Struts Security Update (S2-032) - Active Check
Summary:	Apache Struts is prone to a remote code execution; (RCE) vulnerability.
Description:	Summary: Apache Struts is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The Dynamic Method Invocation bug lets remote users execute arbitrary code on the target system. The RCE can be performed via method: prefix when Dynamic Method Invocation is enabled. Vulnerability Impact: Successful exploitation allows unauthorized disclosure of information, unauthorized modification and disruption of service. Affected Software/OS: Apache Struts 2.3.20 through 2.3.28 (except 2.3.20.3 and 2.3.24.3). Solution: Disable Dynamic Method Invocation when possible or update to version 2.3.20.3, 2.3.24.3, 2.3.28.1 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3081 BugTraq ID: 87327 http://www.securityfocus.com/bid/87327 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 https://www.exploit-db.com/exploits/39756/ http://packetstormsecurity.com/files/136856/Apache-Struts-2.3.28-Dynamic-Method-Invocation-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec http://www.securitytracker.com/id/1035665
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.