6.8
CVSSv2

CVE-2016-4430

Published: 04/07/2016 Updated: 31/10/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Struts 2 2.3.20 up to and including 2.3.28.1 mishandles token validation, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Affected Products

Vendor Product Versions
ApacheStruts2.3.20, 2.3.20.1, 2.3.20.3, 2.3.24, 2.3.24.1, 2.3.24.3, 2.3.28, 2.3.28.1

Vendor Advisories

Apache Struts 2 2320 through 23281 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors ...
Oracle Critical Patch Update Advisory - July 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...