Arbitrary Code Execution via XSLTResult in Apache Struts 2.x

Arbitrary Code Execution via XSLTResult in Apache Struts 2.x

CVE-2016-3082 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

Learn more about our Cis Benchmark Audit For Apache Http Server.