CVE-2016-4438

CRITICAL

Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-4438. PoCs published by jason3e7, tafamace.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2016-4438, a remote code execution vulnerability in Apache Struts2. The PoC demonstrates OGNL injection to execute arbitrary commands on the target system.

Description

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

Exploits (2)

nomisec · WORKING POC · 1 star
by jason3e7 · poc
https://github.com/jason3e7/CVE-2016-4438

This repository contains functional exploit code for CVE-2016-4438, a remote code execution vulnerability in Apache Struts2. The PoC demonstrates OGNL injection to execute arbitrary commands on the target system.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Apache Struts2 (versions affected by CVE-2016-4438)
No auth needed
Prerequisites: Target system running vulnerable Apache Struts2 · Network access to the target
devstral-2 · analyzed Feb 18, 2026

nomisec · STUB
by tafamace · poc
https://github.com/tafamace/CVE-2016-4438

The repository contains a minimal Java project with a generic Main.java file that prints command-line arguments and a Travis CI configuration. There is no exploit code or technical details related to CVE-2016-4438.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Unknown (no specific software targeted)
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1348238
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91275
Vendor Advisory x_refsource_confirm
https://struts.apache.org/docs/s2-037.html
VDB Entry, Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN07710476/index.html

Scores

CVSS v3 9.8
EPSS 0.6209
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (9)
apache/struts 2.3.20
apache/struts 2.3.20.1
apache/struts 2.3.20.3
apache/struts 2.3.24
apache/struts 2.3.24.1
apache/struts 2.3.24.3
apache/struts 2.3.28
org.apache.struts/struts2-core 2.3.19 - 2.3.29 (Maven)
org.apache.struts/struts2-rest-plugin 2.3.19 - 2.3.29 (Maven)
Published Jul 04, 2016
Tracked Since Feb 18, 2026