Back to bug 1331015
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-04-27 13:03:15 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Whiteboard | impact=important,public=20160426,reported=20160426,source=cvenew,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,jboss/struts=notaffected | impact=important,public=20160426,reported=20160426,source=cve,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,jboss/struts=notaffected | ||
| Last Closed | 2016-04-27 09:03:15 UTC | |||
| Martin Prpič | 2016-04-27 13:04:00 UTC | Summary | CVE-2016-3081 Struts2: XSLTResult can be used to parse arbitrary stylesheet (S2-032) | CVE-2016-3081 Struts2: RCE via method: prefix when Dynamic Method Invocation is enabled (S2-032) |
| Martin Prpič | 2016-04-27 13:05:38 UTC | Fixed In Version | Struts 2.3.20.3, Struts 2.3.24.3 Struts 2.3.28.1. | Struts 2.3.20.3, Struts 2.3.24.3 Struts 2.3.28.1 |
| Martin Prpič | 2016-04-27 13:05:51 UTC | Fixed In Version | Struts 2.3.20.3, Struts 2.3.24.3 Struts 2.3.28.1 | Struts 2.3.20.3, Struts 2.3.24.3, Struts 2.3.28.1 |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=important,public=20160426,reported=20160426,source=cve,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,jboss/struts=notaffected |
Back to bug 1331015