5
CVSSv2

CVE-2016-4465

Published: 04/07/2016 Updated: 09/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The URLValidator class in Apache Struts 2 2.3.20 up to and including 2.3.28.1 and 2.5.x prior to 2.5.1 allows remote malicious users to cause a denial of service via a null value for a URL field.

Affected Products

Vendor Product Versions
ApacheStruts2.3.20, 2.3.20.1, 2.3.20.3, 2.3.24, 2.3.24.1, 2.3.24.3, 2.3.28, 2.3.28.1, 2.5

Vendor Advisories

The URLValidator class in Apache Struts 2 2320 through 23281 and 25x before 251 allows remote attackers to cause a denial of service via a null value for a URL field ...
Oracle Critical Patch Update Advisory - July 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...