CVE-2016-15057

EPSS 32.98%
Veröffentlicht 26.01.2026 11:29:03
Zuletzt bearbeitet 27.01.2026 20:29:50
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum.

This issue affects Apache Continuum: all versions.

Attackers with access to the installations REST API can use this to invoke arbitrary commands on the server.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Continuum

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.98%	0.968

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1

Mailing List

http://www.openwall.com/lists/oss-security/2026/01/26/1

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2016-15057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-15057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-15057

EUVD