View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-3081 severity important: SUSE including 3 source package names (struts, struts-javadoc, struts-manual), 4 product×package rows across 2 product lines (SUSE Linux Enterprise Software Development Kit 11 SP4, SUSE Manager Server 2.1): Known Not Affected 4.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.