5
CVSSv2

CVE-2016-4431

Published: 04/07/2016 Updated: 09/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Apache Struts 2 2.3.20 up to and including 2.3.28.1 allows remote malicious users to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

Affected Products

Vendor Product Versions
ApacheStruts2.3.20, 2.3.20.1, 2.3.20.3, 2.3.24, 2.3.24.1, 2.3.24.3, 2.3.28

Vendor Advisories

Apache Struts 2 2320 through 23281 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method ...
Oracle Critical Patch Update Advisory - July 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...