CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

Date published : 2016-07-04

http://www.securityfocus.com/bid/91275

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html