CVE-2016-15057

EPSS 28.89%
Veröffentlicht 26.01.2026 11:29:03
Zuletzt bearbeitet 27.01.2026 20:29:50
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Continuum: Command injection leading to RCE

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum.

This issue affects Apache Continuum: all versions.

Attackers with access to the installations REST API can use this to invoke arbitrary commands on the server.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Continuum

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	28.89%	0.965

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1

Mailing List

http://www.openwall.com/lists/oss-security/2026/01/26/1

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2016-15057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-15057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-15057

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-15057