CVE-2016-4431

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-07-04 22:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-4431

Mitre link : CVE-2016-4431

CVE.ORG link : CVE-2016-4431


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-20

Improper Input Validation