Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-4430

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Published

2016-07-04T22:59:05.337

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	struts	2.3.20	Yes
Application	apache	struts	2.3.20.1	Yes
Application	apache	struts	2.3.20.3	Yes
Application	apache	struts	2.3.24	Yes
Application	apache	struts	2.3.24.1	Yes
Application	apache	struts	2.3.24.3	Yes
Application	apache	struts	2.3.28	Yes
Application	apache	struts	2.3.28.1	Yes

References

http://jvn.jp/en/jp/JVN45093481/index.html Vendor Advisory ([email protected])
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111 VDB Entry, Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 Third Party Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21987854 Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html ([email protected])
http://www.securityfocus.com/bid/91281 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1348249 Issue Tracking ([email protected])
https://struts.apache.org/docs/s2-038.html Vendor Advisory ([email protected])
http://jvn.jp/en/jp/JVN45093481/index.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21987854 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91281 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1348249 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://struts.apache.org/docs/s2-038.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)