CVE-2016-4436
PUBLISHED
CVSS 7.5 HIGH
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
EPSS 5.74% · 90.6th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 5.74% (90.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.struts:struts2-core | 2.5-BETA1, 2.0.0 |
| apache | struts | 2.0.2, 2.0.3, 2.0.4 |
Exploit Intelligence
Timeline
- Oct 3, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
References
- 91280 vdb
- http://www-01.ibm.com/support/docview.wss?uid=swg21987854 url
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282 url
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html url
- https://struts.apache.org/docs/s2-035.html url
- https://nvd.nist.gov/vuln/detail/CVE-2016-4436 advisory
- https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5 url
- https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7 url
- https://github.com/apache/struts package
- https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280 url