CVE-2016-4436

6 documents, 6 sources

Severity: 9.8 CRITICAL
EPSS: 5.7% (top 9.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 3; Latest update May 17

Description

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Maven: org.apache.struts:struts2-core, 2.0.0 — 2.3.29 (+1)
NVD: apache/struts, 52 versions (+51)

Vulnerability Details (3)

GHSA: Apache Struts improper action name cleanup (2022-05-17)
OSV: Apache Struts improper action name cleanup (2022-05-17)
CVEList: CVE-2016-4436: Apache Struts 2 before 2 (2016-10-03)

Vendor Advisories (1)

Red Hat: struts: Action name clean up is error prone (2016-06-17)

Community (1)

Bugzilla: CVE-2016-4436 struts: Action name clean up is error prone (2016-06-20)
CVE-2016-4436 (CRITICAL CVSS 9.8) | Apache Struts 2 before 2.3.29 and 2 | cvebase.io