2017-10-16 12:31:07 -04:00
{
2019-03-18 02:25:52 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org" ,
"DATE_PUBLIC" : "2016-10-18T00:00:00" ,
"ID" : "CVE-2016-6795" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Struts" ,
"version" : {
"version_data" : [
{
"version_value" : "2.3.20 - 2.3.30"
}
]
}
}
]
} ,
"vendor_name" : "Apache Software Foundation"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2017-10-16 12:31:07 -04:00
{
2019-03-18 02:25:52 +00:00
"lang" : "eng" ,
"value" : "In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side."
2017-10-16 12:31:07 -04:00
}
2019-03-18 02:25:52 +00:00
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Possible path traversal in the Convention plugin"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "93773" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/93773"
} ,
{
"name" : "https://struts.apache.org/docs/s2-042.html" ,
"refsource" : "CONFIRM" ,
"url" : "https://struts.apache.org/docs/s2-042.html"
} ,
{
"name" : "https://security.netapp.com/advisory/ntap-20180629-0003/" ,
"refsource" : "CONFIRM" ,
"url" : "https://security.netapp.com/advisory/ntap-20180629-0003/"
}
]
}
}
