Risk Scores
CVSS v2.0
7.5
EPSS Score
4.77%
89.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.struts:struts2-core | 2.0.0, 2.5-BETA1 |
| n/a | n/a | n/a |
| apache | struts | 2.0.2, 2.0.3, 2.0.4 |
Timeline
- Oct 3, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- Jul 10, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
- Oct 22, 2023 EPSS Score
- Feb 3, 2024 EPSS Score
References
- 91280 vdb
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854 url
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 url
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html url
- https://struts.apache.org/docs/s2-035.html url
- https://nvd.nist.gov/vuln/detail/CVE-2016-4436 advisory
- https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5 url
- https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7 url
- https://github.com/apache/struts package
- https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280 url